From 807c6ce09e4b5d49049d343d73bbca24fa84d527 Mon Sep 17 00:00:00 2001 From: Lauri Ojansivu Date: Wed, 15 Aug 2018 23:41:01 +0300 Subject: [PATCH] - Content Policy: Allow inline scripts, otherwise there is errors in browser/inspect/console. - Set default matomo settings to disabled. Thanks to xet7 ! --- Dockerfile | 4 ++-- docker-compose.yml | 17 +++++++++++------ sandstorm-pkgdef.capnp | 4 ++-- server/policy.js | 3 ++- snap-src/bin/config | 2 +- 5 files changed, 18 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index 77cd648ec..94528ec93 100644 --- a/Dockerfile +++ b/Dockerfile @@ -33,8 +33,8 @@ ENV BUILD_DEPS="apt-utils gnupg gosu wget curl bzip2 build-essential python git WITH_API=true \ MATOMO_ADDRESS="" \ MATOMO_SITE_ID="" \ - MATOMO_DO_NOT_TRACK=false \ - MATOMO_WITH_USERNAME=true \ + MATOMO_DO_NOT_TRACK=true \ + MATOMO_WITH_USERNAME=false \ BROWSER_POLICY_ENABLED=true \ TRUSTED_URL="" diff --git a/docker-compose.yml b/docker-compose.yml index ee87227b5..548669962 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -33,6 +33,7 @@ services: - METEOR_EDGE=${METEOR_EDGE} - USE_EDGE=${USE_EDGE} ports: + # Docker outsideport:insideport - 80:8080 environment: - MONGO_URL=mongodb://wekandb:27017/wekan @@ -41,14 +42,18 @@ services: # If you disable Wekan API with 'false', Export Board does not work. - WITH_API=true # Optional: Integration with Matomo https://matomo.org that is installed to your server - # The address of the server where Matomo is hosted: - # - MATOMO_ADDRESS=https://example.com/matomo + # The address of the server where Matomo is hosted. + # example: - MATOMO_ADDRESS=https://example.com/matomo + - MATOMO_ADDRESS='' # The value of the site ID given in Matomo server for Wekan - # - MATOMO_SITE_ID=123456789 - # The option do not track which enables users to not be tracked by matomo" - # - MATOMO_DO_NOT_TRACK=false + # example: - MATOMO_SITE_ID=12345 + - MATOMO_SITE_ID='' + # The option do not track which enables users to not be tracked by matomo + # example: - MATOMO_DO_NOT_TRACK=false + - MATOMO_DO_NOT_TRACK=true # The option that allows matomo to retrieve the username: - # - MATOMO_WITH_USERNAME=true + # example: MATOMO_WITH_USERNAME=true + - MATOMO_WITH_USERNAME=false # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside. # Setting this to false is not recommended, it also disables all other browser policy protections # and allows all iframing etc. See wekan/server/policy.js diff --git a/sandstorm-pkgdef.capnp b/sandstorm-pkgdef.capnp index 24107a1c6..20153f4ef 100644 --- a/sandstorm-pkgdef.capnp +++ b/sandstorm-pkgdef.capnp @@ -240,8 +240,8 @@ const myCommand :Spk.Manifest.Command = ( (key = "WITH_API", value = "true"), (key = "MATOMO_ADDRESS", value=""), (key = "MATOMO_SITE_ID", value=""), - (key = "MATOMO_DO_NOT_TRACK", value="false"), - (key = "MATOMO_WITH_USERNAME", value="true"), + (key = "MATOMO_DO_NOT_TRACK", value="true"), + (key = "MATOMO_WITH_USERNAME", value="false"), (key = "BROWSER_POLICY_ENABLED", value="true"), (key = "TRUSTED_URL", value=""), (key = "SANDSTORM", value = "1"), diff --git a/server/policy.js b/server/policy.js index 344e42e28..94f80b215 100644 --- a/server/policy.js +++ b/server/policy.js @@ -6,7 +6,8 @@ Meteor.startup(() => { // Trusted URL that can embed Wekan in iFrame. const trusted = process.env.TRUSTED_URL; BrowserPolicy.framing.disallow(); - BrowserPolicy.content.disallowInlineScripts(); + //Allow inline scripts, otherwise there is errors in browser/inspect/console + //BrowserPolicy.content.disallowInlineScripts(); BrowserPolicy.content.disallowEval(); BrowserPolicy.content.allowInlineStyles(); BrowserPolicy.content.allowFontDataUrl(); diff --git a/snap-src/bin/config b/snap-src/bin/config index 2c50c0744..5a745184d 100755 --- a/snap-src/bin/config +++ b/snap-src/bin/config @@ -61,7 +61,7 @@ DEFAULT_MATOMO_SITE_ID="" KEY_MATOMO_SITE_ID="matomo-site-id" DESCRIPTION_MATOMO_DO_NOT_TRACK="The option do not track which enables users to not be tracked by matomo" -DEFAULT_MATOMO_DO_NOT_TRACK="false" +DEFAULT_MATOMO_DO_NOT_TRACK="true" KEY_MATOMO_DO_NOT_TRACK="matomo-do-not-track" DESCRIPTION_MATOMO_WITH_USERNAME="The option that allows matomo to retrieve the username"