diff options
Diffstat (limited to 'build/appinfo/app.php')
-rw-r--r-- | build/appinfo/app.php | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/build/appinfo/app.php b/build/appinfo/app.php index 8ded64a..44b441c 100644 --- a/build/appinfo/app.php +++ b/build/appinfo/app.php @@ -2,20 +2,21 @@ $url = \OC::$server->getConfig()->getAppValue('piwik', 'url'); if (!empty($url)) { - OCP\Util::addScript('piwik', 'track'); + \OCP\Util::addHeader( + 'script', + [ + 'src' => \OC::$server->getURLGenerator()->linkToRoute('piwik.JavaScript.tracking'), + 'nonce' => \OC::$server->getContentSecurityPolicyNonceManager()->getNonce(), + ], '' + ); - if (class_exists('\\OCP\\AppFramework\\Http\\ContentSecurityPolicy')) { - $url = parse_url($url, PHP_URL_HOST); + $url = parse_url($url, PHP_URL_HOST); + $policy = new OCP\AppFramework\Http\ContentSecurityPolicy(); - $policy = new OCP\AppFramework\Http\ContentSecurityPolicy(); - $policy->addAllowedScriptDomain('\'self\' '); - $policy->addAllowedImageDomain('\'self\' '); - - if ($url !== false && array_key_exists('HTTP_HOST', $_SERVER) - && $_SERVER['HTTP_HOST'] !== $url && !empty($url)) { - $policy->addAllowedScriptDomain($url); - $policy->addAllowedImageDomain($url); - } + if ($url !== false && array_key_exists('HTTP_HOST', $_SERVER) + && $_SERVER['HTTP_HOST'] !== $url && !empty($url)) { + $policy->addAllowedScriptDomain($url); + $policy->addAllowedImageDomain($url); \OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy); } |