Forgot to edit CSP when adding tracking code via custom component

I’ve tried to add

in </head>

<!-- Matomo - head -->
<script type="text/discourse-plugin" version="0.2">
    // Track page views 
    api.onPageChange((url, title) => {
        if (window._paq) {
            try {
                var currentUser = PreloadStore.get('currentUser');
                _paq.push(['setCustomVariable', 3, 'Forum status', !currentUser ? 'Anonymous' : 'LoggedIn user', 'visit']);
            } catch(e) {} 
              
            _paq.push(["setCustomUrl", url]);
            _paq.push(["setDocumentTitle", title]);
            _paq.push(["trackPageView"]);
        }
    });
</script>
<!-- /Matomo - head -->

then in </body>

<!-- Matomo -->
<script type="text/javascript">
  var _paq = window._paq = window._paq || [];
  /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
  _paq.push(['trackPageView']);
  _paq.push(['enableLinkTracking']);
  (function() {
    var u="https://stats.xxxxxxx.xxx/";
    _paq.push(['setTrackerUrl', u+'matomo.php']);
    _paq.push(['setSiteId', '8']);
    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
    g.type='text/javascript'; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
  })();
</script>
<!-- End Matomo Code -->

And all I get in the HTML source of the page is the HTML comments. The <script> tags seem to have been removed.
Is there a security setting to be activated so as to allow scripts in those areas?

<!-- Matomo - head -->

<!-- /Matomo - head -->
[...]
<!-- Matomo -->

<!-- End Matomo Code -->

Thanks for your help

You should use this Script to enable Matomo analytics on Discourse

1 Like

Thank you, that should solve my current problem…

But shouldn’t it be possible to inject custom js in those sections anyhow?

I’ve installed the component and activated it for “Default” theme … and doesn’t seem to work any better :-/

Did you check your browser logs? Have you added your Matomo script host to the CSP setting list?

1 Like

You got it right… I was not aware of a CSP setting…

That is something the browser logs will always warn about, so always check those.

1 Like
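
The check the replies point to, as an added example (not code from this thread or from Discourse): a Node.js function that tells whether a policy's script-src would let the browser load the Matomo tracker file. The forum origin, tracker host and both policy strings are constructed, and the matching is simplified (scheme, host, port and path only).

```javascript
// Added example: simplified CSP source matching for external <script src>.
// Not a full CSP implementation: nonces, hashes and 'strict-dynamic' are ignored.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (key && !directives.has(key)) directives.set(key, values);
  }
  return directives;
}

function sourceMatches(expr, url, pageOrigin) {
  const e = expr.toLowerCase();
  if (e === "'self'") return url.origin === pageOrigin;
  if (e === '*') return /^https?:$/.test(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) return url.protocol === e; // scheme-source
  if (e.startsWith("'")) return false; // 'none', nonces, hashes: never match a host
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)(?::(\d+|\*))?(\/.*)?$/i.exec(expr);
  if (!m) return false;
  const [, scheme, host, port, path] = m;
  const h = host.toLowerCase();
  // Simplification: a scheme-less host accepts http and https.
  const schemeOk = scheme ? url.protocol === scheme.toLowerCase() + ':' : /^https?:$/.test(url.protocol);
  // "*.example.org" covers subdomains only, not example.org itself.
  const hostOk = h.startsWith('*.') ? url.hostname.endsWith(h.slice(1)) : url.hostname === h;
  const effectivePort = url.port || (url.protocol === 'https:' ? '443' : '80');
  const portOk = port === '*' || (port ? effectivePort === port : url.port === '');
  // A path ending in "/" is a prefix; any other path must match exactly.
  const pathOk = !path || (path.endsWith('/') ? url.pathname.startsWith(path) : url.pathname === path);
  return schemeOk && hostOk && portOk && pathOk;
}

// True when the policy would let the page load scriptUrl as an external script.
function scriptAllowed(header, scriptUrl, pageOrigin) {
  const d = parseCsp(header);
  const sources = d.get('script-src-elem') || d.get('script-src') || d.get('default-src');
  if (!sources) return true; // no directive governs scripts
  const url = new URL(scriptUrl);
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

// Constructed values: forum origin, tracker URL and both policies.
const FORUM = 'https://forum.example.org';
const TRACKER = 'https://stats.example.org/matomo.js';
const BEFORE = "default-src 'none'; script-src 'self' https://forum.example.org/assets/";
const AFTER = BEFORE + ' ' + TRACKER;
console.log(scriptAllowed(BEFORE, TRACKER, FORUM), scriptAllowed(AFTER, TRACKER, FORUM));
```

Listing the exact tracker file, as in the second policy, is narrower than allowing the whole stats host.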