From a73e3c76dc5004e78b26bc97348a7d1240e25ba8 Mon Sep 17 00:00:00 2001
From: Jonny Barnes <jonny@jonnybarnes.uk>
Date: Tue, 7 Mar 2017 18:52:48 +0000
Subject: [PATCH 1/3] =?UTF-8?q?Remove=20document.write=E2=80=99s=20to=20al?=
 =?UTF-8?q?low=20CSP=20to=20be=20re-enabled?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 changelog.md                              | 3 +++
 resources/views/micropub/create.blade.php | 4 ----
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/changelog.md b/changelog.md
index b60d9daa..433fe57c 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,8 @@
 # Changelog
 
+## Version 0.3.4 (2017-03-07)
+  - Remove document.write to allow CSP to work
+
 ## Version 0.3.3 (2017-03-03)
   - Fix issue when accessing /admin
 
diff --git a/resources/views/micropub/create.blade.php b/resources/views/micropub/create.blade.php
index 532912eb..6cf8be4e 100644
--- a/resources/views/micropub/create.blade.php
+++ b/resources/views/micropub/create.blade.php
@@ -28,10 +28,6 @@ New Note «
 @stop
 
 @section('scripts')
-<script>
-    window.Promise || document.write('<script src="https://unpkg.com/promise-polyfill/promise.min.js"><\/script>');
-    window.fetch || document.write('<script src="https://unpkg.com/whatwg-fetch/fetch.js"><\/script>');
-</script>
 <script defer src="/assets/js/newnote.js"></script>
 
 <link rel="stylesheet" href="/assets/frontend/alertify.css">

From 7d91f8f0f902a179eb9de16b2ebbc9a75be79ec0 Mon Sep 17 00:00:00 2001
From: Jonny Barnes <jonny@jonnybarnes.uk>
Date: Tue, 7 Mar 2017 19:50:14 +0000
Subject: [PATCH 2/3] Move piwik code into its own js file for compatability
 with CSP

---
 changelog.md                     |   3 +++
 public/assets/js/piwik.js        |  13 +++++++++++++
 public/assets/js/piwik.js.br     | Bin 0 -> 281 bytes
 public/assets/js/piwik.js.gz     | Bin 0 -> 380 bytes
 resources/views/master.blade.php |  15 +--------------
 5 files changed, 17 insertions(+), 14 deletions(-)
 create mode 100644 public/assets/js/piwik.js
 create mode 100644 public/assets/js/piwik.js.br
 create mode 100644 public/assets/js/piwik.js.gz

diff --git a/changelog.md b/changelog.md
index 433fe57c..1db4f776 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,8 @@
 # Changelog
 
+## Version 0.3.5 (2017-03-07)
+  - Move piwik code into its own js file to allow for CSP
+
 ## Version 0.3.4 (2017-03-07)
   - Remove document.write to allow CSP to work
 
diff --git a/public/assets/js/piwik.js b/public/assets/js/piwik.js
new file mode 100644
index 00000000..2a83251b
--- /dev/null
+++ b/public/assets/js/piwik.js
@@ -0,0 +1,13 @@
+// Piwik in its own js file to allow usage with a CSP policy
+
+var _paq = _paq || [];
+// tracker methods like "setCustomDimension" should be called before "trackPageView"
+_paq.push(['trackPageView']);
+_paq.push(['enableLinkTracking']);
+(function() {
+    var u="https://analytics.jmb.lv/";
+    _paq.push(['setTrackerUrl', u+'piwik.php']);
+    _paq.push(['setSiteId', '1']);
+    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
+    g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
+})();
diff --git a/public/assets/js/piwik.js.br b/public/assets/js/piwik.js.br
new file mode 100644
index 0000000000000000000000000000000000000000..3a641e17d966633544f4cec2e020ab039328cb4f
GIT binary patch
literal 281
zcmV+!0p|W2KLP-p1$N`h153lmju}Fe^?FZQBt2QGrYN?rE5#;M<(ptMh{D#{(QW-D
zp|Z}N@aEZXm}XDRoK>f20fD`=VqKqtnYYkSv=-n{0K09r_vqVf;^{4e66qC?@n<u~
zHZFONr@3+_v~^PJGF->`m7>oAZswZpP7V%*W(nZ;M=FRQ@nFK}3C^E@E81?hZ$h4`
z+)kBF=V%##g7Rx7P$K)RJDUc5#3926aMahNNK8aCO<=<2h1!OyR&X;vt-Z5+u7;?v
zK6~_3=3Ue`s^v9pF$6zIQ_)44k`GFo#9m@h?~gtW-6Ps-YTO^v-HkEYp*)+9@TAZ1
fW{CwRj1ZiWMugEt8-!{PWk6-_O!U;P^{65Rs~e6b

literal 0
HcmV?d00001

diff --git a/public/assets/js/piwik.js.gz b/public/assets/js/piwik.js.gz
new file mode 100644
index 0000000000000000000000000000000000000000..fb511a83f581aeb306c40ae5dfe990f41434bd66
GIT binary patch
literal 380
zcmV-?0fYV@iwFP!0000218tF2zuPbj#ozNO^cyAJ?h21%W@ZN0Q4^)6S#n|U-RJZ&
zgyZw~5sgOhl9n_FazMi1mkv6H85soepp5ZLNUR!!B}oek?!0*k!5h-+qFAU1KZ5!N
z*S24O|H7AVSBh*ZQRz8Guqdss84S%4PBF@z#NzE;vgnw+I|bbOWNMfq=o}6EubGb-
z-dMcMk>3+8PZfQDVMyFoU&=#L`E79Jkcv)C4L&6|f7^59nhjFTlGBo7Rs;A`KtB5P
z)3sBrNZ`w(k#fqcg)|R4I~|(E=+u=BcF>zq-foxnE}C)+(uFeg{Tqfh<R~X@cte7Z
z>I|2YJ){p^U#q=Nxe>Aj&9!={BPzjr2K%L|WF09;IoJZuVuP}y@a^?m)jU@g_n9x_
zZ`;1jP}Tvjm4Yi7b!wq@h$~r9ymtDU#Dx7{jWdjUe;oC-y;?fXJP(74Ioxw!<B%L<
al-rxhRLvIWD*g?s{QM7PfU6Tg0ssK^VYt`;

literal 0
HcmV?d00001

diff --git a/resources/views/master.blade.php b/resources/views/master.blade.php
index 321a8492..5bcda454 100644
--- a/resources/views/master.blade.php
+++ b/resources/views/master.blade.php
@@ -47,20 +47,7 @@
 </footer>
 @if (config('app.piwik') === true)
 <!-- Piwik -->
-<script type="text/javascript">
-    var _paq = _paq || [];
-    // tracker methods like "setCustomDimension" should be called before "trackPageView"
-    _paq.push(['trackPageView']);
-    _paq.push(['enableLinkTracking']);
-    (function() {
-        var u="https://analytics.jmb.lv/";
-        _paq.push(['setTrackerUrl', u+'piwik.php']);
-        _paq.push(['setSiteId', '1']);
-        var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
-        g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
-    })();
-</script>
-<!-- End Piwik Code -->
+<script defer src="/assets/js/piwik.js"></script>
 @endif
 </body>
 </html>

From 005e373043f717d6bfe74573570dd5c0a776519d Mon Sep 17 00:00:00 2001
From: Jonny Barnes <jonny@jonnybarnes.uk>
Date: Tue, 7 Mar 2017 20:07:46 +0000
Subject: [PATCH 3/3] Pull in the external piwik.js manually

---
 changelog.md                     |   3 +++
 public/assets/js/piwik.js        |   9 ++-------
 public/assets/js/piwik.js.br     | Bin 281 -> 173 bytes
 public/assets/js/piwik.js.gz     | Bin 380 -> 238 bytes
 resources/views/master.blade.php |   3 ++-
 5 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/changelog.md b/changelog.md
index 1db4f776..a6fe7f33 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,8 @@
 # Changelog
 
+## Version 0.3.6 (2017-03-07)
+  - Pull in Piwik’s own piwik.js manually, again for CSP
+
 ## Version 0.3.5 (2017-03-07)
   - Move piwik code into its own js file to allow for CSP
 
diff --git a/public/assets/js/piwik.js b/public/assets/js/piwik.js
index 2a83251b..37378758 100644
--- a/public/assets/js/piwik.js
+++ b/public/assets/js/piwik.js
@@ -4,10 +4,5 @@ var _paq = _paq || [];
 // tracker methods like "setCustomDimension" should be called before "trackPageView"
 _paq.push(['trackPageView']);
 _paq.push(['enableLinkTracking']);
-(function() {
-    var u="https://analytics.jmb.lv/";
-    _paq.push(['setTrackerUrl', u+'piwik.php']);
-    _paq.push(['setSiteId', '1']);
-    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
-    g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
-})();
+_paq.push(['setTrackerUrl', 'https://analytics.jmb.lv/piwik.php']);
+_paq.push(['setSiteId', '1']);
diff --git a/public/assets/js/piwik.js.br b/public/assets/js/piwik.js.br
index 3a641e17d966633544f4cec2e020ab039328cb4f..9498983a9fc9e2caabdf23e2677687aaa6b1ca3a 100644
GIT binary patch
literal 173
zcmV;e08;-OO#uL8++3%m-y5?2bZ?%-fvcG9fc<}~y9U+*ibt~rmO__q^A>uOgy~8m
zM0z141mi!>!noa?&FL1(nQ-f5>oTDc%s3G28E|u`j^-2$QJOhI!uLmNM#LI*>!wd|
zeynk&+db}^l&9)(s-4bp8GwTFYXcY&pWT^04f<3O_yA6OCUsWxn?7UHE4>zal~z=H
b(akiiEnGfyAcW{Yo60wR;_;z=PfsH%Q?XRw

literal 281
zcmV+!0p|W2KLP-p1$N`h153lmju}Fe^?FZQBt2QGrYN?rE5#;M<(ptMh{D#{(QW-D
zp|Z}N@aEZXm}XDRoK>f20fD`=VqKqtnYYkSv=-n{0K09r_vqVf;^{4e66qC?@n<u~
zHZFONr@3+_v~^PJGF->`m7>oAZswZpP7V%*W(nZ;M=FRQ@nFK}3C^E@E81?hZ$h4`
z+)kBF=V%##g7Rx7P$K)RJDUc5#3926aMahNNK8aCO<=<2h1!OyR&X;vt-Z5+u7;?v
zK6~_3=3Ue`s^v9pF$6zIQ_)44k`GFo#9m@h?~gtW-6Ps-YTO^v-HkEYp*)+9@TAZ1
fW{CwRj1ZiWMugEt8-!{PWk6-_O!U;P^{65Rs~e6b

diff --git a/public/assets/js/piwik.js.gz b/public/assets/js/piwik.js.gz
index fb511a83f581aeb306c40ae5dfe990f41434bd66..c218f0d16bb2474f7220cee3e3ab97b660f470de 100644
GIT binary patch
literal 238
zcmV<K01^KmiwFP!0000218q>ndhB2b-RCK&d-HW!+uXXlYlN9F;g=i8_`8p8YMX<@
zIfNlxQiF0J3#0<BVWB2aAx2OK5wmMRDNz-nL7G7XJ2#i$9aGW@f_hZIhmZcl_Skg0
z@bb1943=sUB{>#gP&1bbFy#o7g1S?RI<rd#t&p>mAek#Ug%}};m~rS;Trp@Kt+*Uq
zz9(!<2EzlZzLaeKW$s&P?rmZ7TNP~-GoF&oZ-;$ktG`+VbyUORuHd<4n9EeXY=mKC
oBW@`rvRX6oD%V3l{LZS+{9ik6Nbx8g&aaKieZ?s`y-ooD033j7e*gdg

literal 380
zcmV-?0fYV@iwFP!0000218tF2zuPbj#ozNO^cyAJ?h21%W@ZN0Q4^)6S#n|U-RJZ&
zgyZw~5sgOhl9n_FazMi1mkv6H85soepp5ZLNUR!!B}oek?!0*k!5h-+qFAU1KZ5!N
z*S24O|H7AVSBh*ZQRz8Guqdss84S%4PBF@z#NzE;vgnw+I|bbOWNMfq=o}6EubGb-
z-dMcMk>3+8PZfQDVMyFoU&=#L`E79Jkcv)C4L&6|f7^59nhjFTlGBo7Rs;A`KtB5P
z)3sBrNZ`w(k#fqcg)|R4I~|(E=+u=BcF>zq-foxnE}C)+(uFeg{Tqfh<R~X@cte7Z
z>I|2YJ){p^U#q=Nxe>Aj&9!={BPzjr2K%L|WF09;IoJZuVuP}y@a^?m)jU@g_n9x_
zZ`;1jP}Tvjm4Yi7b!wq@h$~r9ymtDU#Dx7{jWdjUe;oC-y;?fXJP(74Ioxw!<B%L<
al-rxhRLvIWD*g?s{QM7PfU6Tg0ssK^VYt`;

diff --git a/resources/views/master.blade.php b/resources/views/master.blade.php
index 5bcda454..2ee7e08d 100644
--- a/resources/views/master.blade.php
+++ b/resources/views/master.blade.php
@@ -47,7 +47,8 @@
 </footer>
 @if (config('app.piwik') === true)
 <!-- Piwik -->
-<script defer src="/assets/js/piwik.js"></script>
+<script defer src="https://analytics.jmb.lv/piwik.js"></script>
+<script src="/assets/js/piwik.js"></script>
 @endif
 </body>
 </html>