I've setted up Piwik like you suggest in you FAQ. However, to be able to use it, I have to allow
script-src 'unsafe-inline', which I don't want.
Will you make an enhancement to avoid this?
you could use 'nonce-myrandomstring' or move the snippet into an external js file
My piwik.js file is on my server and the snippet is already in an external file. I've tried to add the nonce on it but I still have the issue.
It doesn't work for me. The only exception I have from the FAQ is that piwik.js is loaded from the same domain. I may do something wrong but I really don't see what.
Ok we will investigate in the next few weeks.
If anyone knows about CSP feel free to take a look (Pull request welcome!).
Did you have some news for this problem ?
I am using the piwik script in an external file too to prevent having any inline js code in my pages, and I am encountering the same problem as @mchandelier.
Do you have an idea why the piwik script, which is embedded in an external script, require using
script-src 'unsafe-inline' ?