diff --git a/docker/nginx/root/etc/nginx/nginx.conf b/docker/nginx/root/etc/nginx/nginx.conf index ce2809fa91..7048b92876 100755 --- a/docker/nginx/root/etc/nginx/nginx.conf +++ b/docker/nginx/root/etc/nginx/nginx.conf @@ -29,7 +29,7 @@ http { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Xss-Protection "1; mode=block" always; add_header Referrer-Policy strict-origin-when-cross-origin; - add_header Content-Security-Policy "default-src 'self' 127.0.0.1 https://fonts.gstatic.com *.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.axept.io data: ;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.gstatic.com *.alchemyasp.com *.axept.io ;style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com ;img-src 'self' data: blob: *.tiles.mapbox.com https://axeptio.imgix.net ; object-src 'self';frame-ancestors 'self' "; + add_header Content-Security-Policy "default-src 'self' 127.0.0.1 https://fonts.gstatic.com *.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.axept.io https://www.googletagmanager.com *.google-analytics.com data: ;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.gstatic.com *.alchemyasp.com *.axept.io https://www.googletagmanager.com ;style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com ;img-src 'self' data: blob: *.tiles.mapbox.com https://axeptio.imgix.net ; object-src 'self';frame-ancestors 'self' "; include /etc/nginx/conf.d/*.conf; } diff --git a/templates/web/common/analytics.html.twig b/templates/web/common/analytics.html.twig index 83b87cf204..fcd02777e8 100644 --- a/templates/web/common/analytics.html.twig +++ b/templates/web/common/analytics.html.twig @@ -1,15 +1,12 @@ {% if app['conf'].get(['registry', 'general', 'analytics']) != '' %} - + {% endif %}