Rocket.Chat
Rocket.Chat copied to clipboard
RocketChat
Matomo (Piwik) and CSP error
Description:
Matomo analytics are being blocked because of a CSP policy blocking the Matomo js file.
Steps to reproduce:
- Go to Admin -> Analytics -> Setup Piwik (Matomo)
- Save changes
- Reload Rocket.Chat in regular user with Inspect open in browser.
Expected behavior:
Send Analytics to Matomo instance
Actual behavior:
SCP blocking of js file on Matomo.
See here for more information: https://content-security-policy.com/examples/blocked-csp/ - looks like the header or meta tag needs to be updated. Here is specific information - https://content-security-policy.com/script-src/ it looks like script-src needs to be added to the 'home' header with the matomo url.
Also Piwik should be renamed to Matomo
Server Setup Information:
- Version of Rocket.Chat Server: 3.16.3
- Operating System: Ubuntu 18.04
- Deployment Method: Docker
- Number of Running Instances: 1
- DB Replicaset Oplog:
- NodeJS Version: v12.22.1
- MongoDB Version: 4.0.17
Client Setup Information
- Desktop App or Browser Version: Brave, Edge, Firefox
- Operating System: Ubuntu
Hey there,
Thanks for reporting this.
Can you please test this out on the latest version and let us know? (3.17.1)
Bugs are often fixed on the latest release so please test it there first and see if it still occurs. You can also test on the development version, or try on open.rocket.chat which is usually the latest development code.
@yashovardhan thank you, I did try it also on the latest release. It's pointing to analytics.doman.com/js but I think that's wrong as well.
If this needs to be addressed by changing the way the tracking script is included, here is the relevant code (I think):
https://github.com/RocketChat/Rocket.Chat/blob/develop/apps/meteor/app/analytics/client/loadScript.js
