From 9b317d1677205474eb8037b99e658453739779a3 Mon Sep 17 00:00:00 2001
From: DarkFeather
Date: Thu, 16 Nov 2023 12:50:26 -0600
Subject: [PATCH] Dropping Stripe as a payment method (will replace with Venmo/USDCoin address) & Google Analytics for AniNIX/Sharingan -- some updates for CSP in line with https://observatory.mozilla.org/analyze/aninix.net
---
 .../files/custom/templates/custom/footer.tmpl | 15 ---------------
 roles/WebServer/files/conf/default.csp.conf | 4 +++-
 2 files changed, 3 insertions(+), 16 deletions(-)
diff --git a/roles/Foundation/files/custom/templates/custom/footer.tmpl b/roles/Foundation/files/custom/templates/custom/footer.tmpl
index bd4f5f0..898ac84 100644
--- a/roles/Foundation/files/custom/templates/custom/footer.tmpl
+++ b/roles/Foundation/files/custom/templates/custom/footer.tmpl
@@ -1,16 +1,3 @@
- - - -
diff --git a/roles/WebServer/files/conf/default.csp.conf b/roles/WebServer/files/conf/default.csp.conf
index 174e2e2..6398932 100644
--- a/roles/WebServer/files/conf/default.csp.conf
+++ b/roles/WebServer/files/conf/default.csp.conf
@@ -1 +1,3 @@
-add_header "Content-Security-Policy" "default-src data: 'self' aninix.net foundation.aninix.net; script-src foundation.aninix.net www.gstatic.com www.google.com js.stripe.com unsafe-inline ssl.google-analytics.com 'self' aninix.net foundation.aninix.net data: 'unsafe-inline' 'unsafe-eval'; style-src foundation.aninix.net 'self' aninix.net foundation.aninix.net 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; img-src foundation.aninix.net 'self' aninix.net foundation.aninix.net upload.wikimedia.org commons.wikimedia.org creativecommons.org www.w3.org stripe.com ssl.google-analytics.com; font-src fonts.gstatic.com data: 'self' aninix.net foundation.aninix.net; connect-src ssl.google-analytics.com js.stripe.com mb3admin.com 'self' aninix.net foundation.aninix.net; media-src blob: 'self' aninix.net foundation.aninix.net ; child-src blob: 'self' js.stripe.com aninix.net foundation.aninix.net www.google.com; form-action 'self' aninix.net foundation.aninix.net; upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self';";
+add_header "Content-Security-Policy" "default-src data: 'self' aninix.net foundation.aninix.net; script-src foundation.aninix.net 'self' aninix.net data: 'unsafe-inline' 'unsafe-eval'; style-src foundation.aninix.net 'self' aninix.net foundation.aninix.net 'unsafe-inline'; img-src foundation.aninix.net 'self' aninix.net; font-src data: 'self' aninix.net foundation.aninix.net; connect-src mb3admin.com 'self' aninix.net foundation.aninix.net; media-src blob: 'self' aninix.net foundation.aninix.net ; child-src blob: 'self' aninix.net foundation.aninix.net; form-action 'self' aninix.net foundation.aninix.net; upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; default-src 'none'; ";
+# Gitea requires unsafe-inline style sources for label colors
+# TT-RSS requires unsafe-inline/unsafe-eval for its javascript dojo.js integrations.
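Review bot: The `default-src 'none';` appended at the end of the new add_header value is dead: when a directive appears twice in one policy, browsers apply the first occurrence and ignore the later one (with a console warning), so the leading `default-src data: 'self' aninix.net foundation.aninix.net` is what actually governs the fallback for object-src, worker-src, manifest-src and every other directive not listed. If the trailing copy was meant as a deny-by-default baseline, remove it and instead add an explicit `object-src 'none';` to the directive string, which otherwise inherits `data:` from default-src and allows plugin content from data: URIs. Separately, `data:` in script-src lets an injected `<script src="data:...">` execute, which is about as permissive as the 'unsafe-inline' the TT-RSS comment justifies, yet neither comment accounts for it; drop it unless a specific application is known to need it. The two rationale comments are placed after the directive they explain, so a reader meets the policy before its justification; moving them above the add_header line and noting that 'unsafe-inline'/'unsafe-eval' in script-src is what the Observatory scan will keep penalising would make the accepted tradeoff explicit.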