- Content Policy: Allow inline scripts, otherwise there is errors in browser/inspect/console.

- Set default matomo settings to disabled.

Thanks to xet7 !

5 files changed, 18 insertions, 12 deletions

diff --git a/Dockerfile b/Dockerfile
index 77cd648e..94528ec9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -33,8 +33,8 @@ ENV BUILD_DEPS="apt-utils gnupg gosu wget curl bzip2 build-essential python git
     WITH_API=true \
     MATOMO_ADDRESS="" \
     MATOMO_SITE_ID="" \
-    MATOMO_DO_NOT_TRACK=false \
-    MATOMO_WITH_USERNAME=true \
+    MATOMO_DO_NOT_TRACK=true \
+    MATOMO_WITH_USERNAME=false \
     BROWSER_POLICY_ENABLED=true \
     TRUSTED_URL=""
 
diff --git a/docker-compose.yml b/docker-compose.yml
index ee87227b..54866996 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -33,6 +33,7 @@ services:
         - METEOR_EDGE=${METEOR_EDGE}
         - USE_EDGE=${USE_EDGE}
     ports:
+      # Docker outsideport:insideport
       - 80:8080
     environment:
       - MONGO_URL=mongodb://wekandb:27017/wekan
@@ -41,14 +42,18 @@ services:
       # If you disable Wekan API with 'false', Export Board does not work.
       - WITH_API=true
       # Optional: Integration with Matomo https://matomo.org that is installed to your server
-      # The address of the server where Matomo is hosted:
-      # - MATOMO_ADDRESS=https://example.com/matomo
+      # The address of the server where Matomo is hosted. 
+      # example: - MATOMO_ADDRESS=https://example.com/matomo
+      - MATOMO_ADDRESS=''
       # The value of the site ID given in Matomo server for Wekan
-      # - MATOMO_SITE_ID=123456789
-      # The option do not track which enables users to not be tracked by matomo"
-      # - MATOMO_DO_NOT_TRACK=false
+      # example: - MATOMO_SITE_ID=12345
+      - MATOMO_SITE_ID=''
+      # The option do not track which enables users to not be tracked by matomo
+      # example:  - MATOMO_DO_NOT_TRACK=false
+      - MATOMO_DO_NOT_TRACK=true
       # The option that allows matomo to retrieve the username:
-      # - MATOMO_WITH_USERNAME=true
+      # example: MATOMO_WITH_USERNAME=true
+      - MATOMO_WITH_USERNAME=false
       # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside.
       # Setting this to false is not recommended, it also disables all other browser policy protections
       # and allows all iframing etc. See wekan/server/policy.js
diff --git a/sandstorm-pkgdef.capnp b/sandstorm-pkgdef.capnp
index 24107a1c..20153f4e 100644
--- a/sandstorm-pkgdef.capnp
+++ b/sandstorm-pkgdef.capnp
@@ -240,8 +240,8 @@ const myCommand :Spk.Manifest.Command = (
     (key = "WITH_API", value = "true"),
     (key = "MATOMO_ADDRESS", value=""),
     (key = "MATOMO_SITE_ID", value=""),
-    (key = "MATOMO_DO_NOT_TRACK", value="false"),
-    (key = "MATOMO_WITH_USERNAME", value="true"),
+    (key = "MATOMO_DO_NOT_TRACK", value="true"),
+    (key = "MATOMO_WITH_USERNAME", value="false"),
     (key = "BROWSER_POLICY_ENABLED", value="true"),
     (key = "TRUSTED_URL", value=""),
     (key = "SANDSTORM", value = "1"),
diff --git a/server/policy.js b/server/policy.js
index 344e42e2..94f80b21 100644
--- a/server/policy.js
+++ b/server/policy.js
@@ -6,7 +6,8 @@ Meteor.startup(() => {
     // Trusted URL that can embed Wekan in iFrame.
     const trusted = process.env.TRUSTED_URL;
     BrowserPolicy.framing.disallow();
-    BrowserPolicy.content.disallowInlineScripts();
+    //Allow inline scripts, otherwise there is errors in browser/inspect/console
+    //BrowserPolicy.content.disallowInlineScripts();
     BrowserPolicy.content.disallowEval();
     BrowserPolicy.content.allowInlineStyles();
     BrowserPolicy.content.allowFontDataUrl();
diff --git a/snap-src/bin/config b/snap-src/bin/config
index 2c50c074..5a745184 100755
--- a/snap-src/bin/config
+++ b/snap-src/bin/config
@@ -61,7 +61,7 @@ DEFAULT_MATOMO_SITE_ID=""
 KEY_MATOMO_SITE_ID="matomo-site-id"
 
 DESCRIPTION_MATOMO_DO_NOT_TRACK="The option do not track which enables users to not be tracked by matomo"
-DEFAULT_MATOMO_DO_NOT_TRACK="false"
+DEFAULT_MATOMO_DO_NOT_TRACK="true"
 KEY_MATOMO_DO_NOT_TRACK="matomo-do-not-track"
 
 DESCRIPTION_MATOMO_WITH_USERNAME="The option that allows matomo to retrieve the username"