Content Security Policy Headers: how to add?

[stefangweichinger]

We have a matomo-container at https://stats.ourdomain.com and websites at other URLs as https://www.ourdomain.com

So embedding the OptOut-iframe needs to be allowed via something like

add_header Content-Security-Policy "frame-ancestors 'self'` [..]

in nginx.conf, right? We had that in our former VM-based setup.

Now I get Errors 403, I tried to add the lines into the matomo.conf (next to the docker-compose.yml) and they get into the running container, but we still see errors.

Could someone show a working example, please?

thanks, Stefan ...

[stefangweichinger]

Ah, sorry, it works! The old iframe-code had a wrong/outdated path/subdir in it ... new code works now.