HTTP Headers & Matomo script Topic is solved

Discussion regarding Joomla! 4.x security issues.

Moderators: mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Post Reply
Von Barron
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Fri Apr 08, 2016 9:19 am

HTTP Headers & Matomo script

Post by Von Barron » Fri Feb 16, 2024 8:33 am

Hi guys,

I'm not sure to be on the right part of the forum, so don't hesitate to move this question to the right section if needed.

I've activated the plugin HTTP HEADERS and added a directive to "whitelist" Matomo script:

Policy Directive: script-src
Value: https://url-to-my-matomo/
Client: both

Dunno if this directive is correct (or another setting in the plugin) because as soon I activate the plugin, Matomo real-time traffic goes down to zero.

Joomla 4.4.2
Itcs Matomo Plugin 4.0.0

Thanks in advance to point me in the right direction.
VB

User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 24976
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands
Contact:

Re: HTTP Headers & Matomo script

Post by pe7er » Sat Feb 17, 2024 5:38 pm

Von Barron wrote:
Fri Feb 16, 2024 8:33 am
I've activated the plugin HTTP HEADERS and added a directive to "whitelist" Matomo script:

Policy Directive: script-src
Value: https://url-to-my-matomo/
Client: both

Dunno if this directive is correct (or another setting in the plugin) because as soon I activate the plugin, Matomo real-time traffic goes down to zero.
I have Matomo with HTTP security headers working on multiple domains.
I do not use the plugin but added the Matomo script directly in my template.

In the plugin "System - HTTP Headers", on the "Content-Security-Policy (CSP)" tab, I've configured the matomo script:

Policy Directive: script-src
Value: 'self' 'unsafe-inline' my-own-domain.nl/matomo.js
Client: Site

(I've added the domain name without https:// )

If you use Chrome or Firefox, check the "Inspect" option, and then the "Console" to see any errors regarding not being able to load exernal (Matomo) scripts because of the CSP.
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com

Von Barron
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Fri Apr 08, 2016 9:19 am

Re: HTTP Headers & Matomo script

Post by Von Barron » Tue Feb 20, 2024 11:48 am

Vielen Dank Peter, it works like a charm now

VB

User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 24976
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands
Contact:

Re: HTTP Headers & Matomo script

Post by pe7er » Tue Feb 20, 2024 12:37 pm

Good to hear! You're welcome!
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com


Post Reply

Return to “Security in Joomla! 4.x”