Forgot to edit CSP when adding tracking code via custom component

I’ve tried to add

in </head>

<!-- Matomo - head -->
<script type="text/discourse-plugin" version="0.2">
    // Track page views 
    api.onPageChange((url, title) => {
        if (_paq) {
            try {
                var currentUser = PreloadStore.get('currentUser');
                _paq.push(['setCustomVariable', 3, 'Forum status', !currentUser ? 'Anonymous' : 'LoggedIn user', 'visit']);
            } catch(e) {} 
              
            _paq.push(["setCustomUrl", url]);
            _paq.push(["setDocumentTitle", title]);
            _paq.push(["trackPageView"]);
        }
    });
</script>
<!-- /Matomo - head -->

then in </body>

<!-- Matomo -->
<script type="text/javascript">
  var _paq = window._paq = window._paq || [];
  /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
  _paq.push(['trackPageView']);
  _paq.push(['enableLinkTracking']);
  (function() {
    var u="https://stats.xxxxxxx.xxx/";
    _paq.push(['setTrackerUrl', u+'matomo.php']);
    _paq.push(['setSiteId', '8']);
    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
    g.type='text/javascript'; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
  })();
</script>
<!-- End Matomo Code -->

And all I get is html source of the page is the html comments. <script> tags seam to have been removed.
Is there a security setting to be activated as to allow scripts in those areas?

<!-- Matomo - head -->

<!-- /Matomo - head -->
[...]
<!-- Matomo -->

<!-- End Matomo Code -->

Thanks for your help

1 Like

You should use this Script to enable Matomo analytics on Discourse

1 Like

Thanks you, that should solve my current problem…

But shouldn’t it be possible to inject custom js in those sections anyhow ?

I’ve installed the component and activated it for “Default” theme … and doesn’t seem to work any better :-/

1 Like

Did you check your browser logs? Have you added your Matomo script host to the CSP setting list?

1 Like

You got it right… I was not aware of a CSP setting…

That is something the browser logs will always warn about, so always check those.

1 Like

Hi @Falco I think I’ve got the same problem with Matomo not working with Discourse. It is what the support team of Matomo told me when I opened a ticket on their github :

Matomo support : “I checked your website and the configured CSP is preventing to load our tracker. You’ll want to have a look at Is the Matomo JavaScript Tracker CSP (Content Security Policy) compatible and how do I set it up? FAQ - General - Matomo Analytics Platform and check how this can be configured in your server environment.”

I went to my Discourse logs (URL/logs) and couldn’t find anything related.

My discourse is on this URL : https://hec.fm
And my Matomo instance on : https://stats.hec.fm

And I thought I already changed the CSP in the settings to make it work but still not working :

I thought I followed thoroughly the tutorial Script to enable Matomo analytics on Discourse but seems not enough.

What did I do wrong ? :slightly_smiling_face:

I see the Matomo script loading correctly on hec.fm, so you’re not having a CSP issue. Maybe it’s something else on the Matomo side?

Also the rows below https://stats.hec.fm/Matomo in your screenshot above are unnecessary.

3 Likes