diff --git a/server/conf/nginx_vhost.conf.master b/server/conf/nginx_vhost.conf.master index bfa94f8fb3b3d3eaf81a4fffb25678bd3c7e8fc7..51f61ffed1e0779d883bd56c19b629ef4847f16e 100644 --- a/server/conf/nginx_vhost.conf.master +++ b/server/conf/nginx_vhost.conf.master @@ -169,7 +169,7 @@ server { index index.html index.php; auth_basic "Members Only"; auth_basic_user_file ; - add_header Content-Security-Policy "default-src * 'self' 'unsafe-inline';"; + add_header Content-Security-Policy "default-src * 'self' 'unsafe-inline' 'unsafe-eval' data:;"; } location ^~ /awstats-icon { diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php index 2ed205cd8916d9b1e2a7f5ef9262fb8368fdab15..103cfef339b7fb5564a6c98633b0b19eedadbb7f 100644 --- a/server/plugins-available/apache2_plugin.inc.php +++ b/server/plugins-available/apache2_plugin.inc.php @@ -1957,7 +1957,7 @@ class apache2_plugin { if($data['new']['stats_type'] != '') { if(!is_dir($data['new']['document_root'].'/' . $web_folder . '/stats')) $app->system->mkdir($data['new']['document_root'].'/' . $web_folder . '/stats'); - $ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$data['new']['document_root']."/web/stats/.htpasswd_stats\nrequire valid-user\nDirectoryIndex index.html index.php\nHeader unset Content-Security-Policy\n\nAddDefaultCharset UTF-8\n\n"; + $ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$data['new']['document_root']."/web/stats/.htpasswd_stats\nrequire valid-user\nDirectoryIndex index.html index.php\nHeader set Content-Security-Policy \"default-src * 'self' 'unsafe-inline' 'unsafe-eval' data:;\"\n\nAddDefaultCharset UTF-8\n\n"; $app->system->file_put_contents($data['new']['document_root'].'/' . $web_folder . '/stats/.htaccess', $ht_file); $app->system->chmod($data['new']['document_root'].'/' . $web_folder . '/stats/.htaccess', 0755); unset($ht_file);