GoAccess stats blocked by Content Security Policy (nginx)
short description
Loading GoAccess resources is blocked by Content Security Policy in current Firefox and partial in Edge.
correct behavior
Should not be blocked.
environment
Server OS: ubuntu
Server OS version: 20.04.1 (focal)
ISPConfig version: 3.2dev20201006
nginx version: nginx/1.18.0 (Ubuntu)
proposed fix
change header Content-Security-Policy
in server/conf/nginx_vhost.conf.master
for location /stats/
from
add_header Content-Security-Policy "default-src * 'self' 'unsafe-inline';";
to
add_header Content-Security-Policy "default-src * 'self' 'unsafe-inline' 'unsafe-eval' data:;";
references
screenshots
workaround
Add the following to nginx directives in the website options to overwrite the defaults:
location /stats/ {
index index.html index.php;
auth_basic "Members Only";
auth_basic_user_file {DOCROOT}stats/.htpasswd_stats;
add_header Content-Security-Policy "default-src * 'self' 'unsafe-inline' 'unsafe-eval' data:;";
}