نسيت تعديل CSP عند إضافة رمز التتبع عبر مكون مخصص

I’ve tried to add

in </head>

<!-- Matomo - head -->
<script type="text/discourse-plugin" version="0.2">
    // Track page views 
    api.onPageChange((url, title) => {
        if (_paq) {
            try {
                var currentUser = PreloadStore.get('currentUser');
                _paq.push(['setCustomVariable', 3, 'Forum status', !currentUser ? 'Anonymous' : 'LoggedIn user', 'visit']);
            } catch(e) {} 
              
            _paq.push(["setCustomUrl", url]);
            _paq.push(["setDocumentTitle", title]);
            _paq.push(["trackPageView"]);
        }
    });
</script>
<!-- /Matomo - head -->

then in </body>

<!-- Matomo -->
<script type="text/javascript">
  var _paq = window._paq = window._paq || [];
  /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
  _paq.push(['trackPageView']);
  _paq.push(['enableLinkTracking']);
  (function() {
    var u="https://stats.xxxxxxx.xxx/";
    _paq.push(['setTrackerUrl', u+'matomo.php']);
    _paq.push(['setSiteId', '8']);
    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
    g.type='text/javascript'; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
  })();
</script>
<!-- End Matomo Code -->

And all I get is html source of the page is the html comments. <script> tags seam to have been removed.
Is there a security setting to be activated as to allow scripts in those areas?

<!-- Matomo - head -->

<!-- /Matomo - head -->
[...]
<!-- Matomo -->

<!-- End Matomo Code -->

Thanks for your help

You should use this Script to enable Matomo analytics on Discourse

Thanks you, that should solve my current problem…

But shouldn’t it be possible to inject custom js in those sections anyhow ?

I’ve installed the component and activated it for “Default” theme … and doesn’t seem to work any better :-/

Did you check your browser logs? Have you added your Matomo script host to the CSP setting list?

You got it right… I was not aware of a CSP setting…

That is something the browser logs will always warn about, so always check those.

Hi @Falco I think I’ve got the same problem with Matomo not working with Discourse. It is what the support team of Matomo told me when I opened a ticket on their github :

Matomo support : “I checked your website and the configured CSP is preventing to load our tracker. You’ll want to have a look at Is the Matomo JavaScript Tracker CSP (Content Security Policy) compatible and how do I set it up? FAQ - General - Matomo Analytics Platform and check how this can be configured in your server environment.”

I went to my Discourse logs (URL/logs) and couldn’t find anything related.

My discourse is on this URL : https://hec.fm
And my Matomo instance on : https://stats.hec.fm

And I thought I already changed the CSP in the settings to make it work but still not working :

CSP not working Matomo964×760 68.8 KB

I thought I followed thoroughly the tutorial Script to enable Matomo analytics on Discourse but seems not enough.

What did I do wrong ?

I see the Matomo script loading correctly on hec.fm, so you’re not having a CSP issue. Maybe it’s something else on the Matomo side?

Also the rows below https://stats.hec.fm/Matomo in your screenshot above are unnecessary.