Content Security Policy Headers: how to add?
stefangweichinger opened this issue · 1 comments
stefangweichinger commented
We have a matomo-container at https://stats.ourdomain.com and websites at other URLs as https://www.ourdomain.com
So embedding the OptOut-iframe needs to be allowed via something like
add_header Content-Security-Policy "frame-ancestors 'self'` [..]
in nginx.conf, right? We had that in our former VM-based setup.
Now I get Errors 403, I tried to add the lines into the matomo.conf (next to the docker-compose.yml) and they get into the running container, but we still see errors.
Could someone show a working example, please?
thanks, Stefan ...
stefangweichinger commented
Ah, sorry, it works! The old iframe-code had a wrong/outdated path/subdir in it ... new code works now.