From a73e3c76dc5004e78b26bc97348a7d1240e25ba8 Mon Sep 17 00:00:00 2001
From: Jonny Barnes <jonny@jonnybarnes.uk>
Date: Tue, 7 Mar 2017 18:52:48 +0000
Subject: [PATCH 1/3] =?UTF-8?q?Remove=20document.write=E2=80=99s=20to=20al?=
 =?UTF-8?q?low=20CSP=20to=20be=20re-enabled?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 changelog.md                              | 3 +++
 resources/views/micropub/create.blade.php | 4 ----
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/changelog.md b/changelog.md
index b60d9daa..433fe57c 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,8 @@
 # Changelog
 
+## Version 0.3.4 (2017-03-07)
+  - Remove document.write to allow CSP to work
+
 ## Version 0.3.3 (2017-03-03)
   - Fix issue when accessing /admin
 
diff --git a/resources/views/micropub/create.blade.php b/resources/views/micropub/create.blade.php
index 532912eb..6cf8be4e 100644
--- a/resources/views/micropub/create.blade.php
+++ b/resources/views/micropub/create.blade.php
@@ -28,10 +28,6 @@ New Note «
 @stop
 
 @section('scripts')
-<script>
-    window.Promise || document.write('<script src="https://unpkg.com/promise-polyfill/promise.min.js"><\/script>');
-    window.fetch || document.write('<script src="https://unpkg.com/whatwg-fetch/fetch.js"><\/script>');
-</script>
 <script defer src="/assets/js/newnote.js"></script>
 
 <link rel="stylesheet" href="/assets/frontend/alertify.css">

From 7d91f8f0f902a179eb9de16b2ebbc9a75be79ec0 Mon Sep 17 00:00:00 2001
From: Jonny Barnes <jonny@jonnybarnes.uk>
Date: Tue, 7 Mar 2017 19:50:14 +0000
Subject: [PATCH 2/3] Move piwik code into its own js file for compatability
 with CSP

---
 changelog.md                     |   3 +++
 public/assets/js/piwik.js        |  13 +++++++++++++
 public/assets/js/piwik.js.br     | Bin 0 -> 281 bytes
 public/assets/js/piwik.js.gz     | Bin 0 -> 380 bytes
 resources/views/master.blade.php |  15 +--------------
 5 files changed, 17 insertions(+), 14 deletions(-)
 create mode 100644 public/assets/js/piwik.js
 create mode 100644 public/assets/js/piwik.js.br
 create mode 100644 public/assets/js/piwik.js.gz

diff --git a/changelog.md b/changelog.md
index 433fe57c..1db4f776 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,8 @@
 # Changelog
 
+## Version 0.3.5 (2017-03-07)
+  - Move piwik code into its own js file to allow for CSP
+
 ## Version 0.3.4 (2017-03-07)
   - Remove document.write to allow CSP to work
 
diff --git a/public/assets/js/piwik.js b/public/assets/js/piwik.js
new file mode 100644
index 00000000..2a83251b
--- /dev/null
+++ b/public/assets/js/piwik.js
@@ -0,0 +1,13 @@
+// Piwik in its own js file to allow usage with a CSP policy
+
+var _paq = _paq || [];
+// tracker methods like "setCustomDimension" should be called before "trackPageView"
+_paq.push(['trackPageView']);
+_paq.push(['enableLinkTracking']);
+(function() {
+    var u="https://analytics.jmb.lv/";
+    _paq.push(['setTrackerUrl', u+'piwik.php']);
+    _paq.push(['setSiteId', '1']);
+    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
+    g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
+})();
diff --git a/public/assets/js/piwik.js.br b/public/assets/js/piwik.js.br
new file mode 100644
index 0000000000000000000000000000000000000000..3a641e17d966633544f4cec2e020ab039328cb4f
GIT binary patch
literal 281
zcmb2PXJVMcTK4!fv-jZ>eUeU-zgGE2sn|xYTBfmWz4lSHkf*Z~Ogau-yLmD9uj;~0
z=jMHQb~ArQn*W(Oq02KE8~1KWik;sybNdDVEn*J>7<T7w`~Ko~&ZC#Q%|b6lCwxpd
zK5nL0*|&UWk=mBhpw~t*$A3;;be<{i*{rvIe0;5GoDaUcYjr4mOgQv{^W6Lf?OS=<
z@}1_by5l$1?|Ft~L(`{hwE(5xYpiFp)gDni%wBNi`VtQx7h~UqL(f`owXF&(Ft%U2
zcXQ3UwiO%fs=tIhi@jpL>Zxh2A&b37@I}{|llZ-6ABjr}c;9cwdsq2ZcGeyFOLuz>
rZ!NT$-Tz_9`44HGtZF?1b0)gATy&Lg$>L9SNPXw?<;vQxE0kCPs~e6b

literal 0
HcmV?d00001

diff --git a/public/assets/js/piwik.js.gz b/public/assets/js/piwik.js.gz
new file mode 100644
index 0000000000000000000000000000000000000000..fb511a83f581aeb306c40ae5dfe990f41434bd66
GIT binary patch
literal 380
zcmb2|=3oE;Cg$9Uq5E$e@EpDWS@Vmu>fLu-{mE%*Y}W&YmoAGeO8jv5`4^*>$Dh9o
z_PTwTG|hy)$l=g~>3mjgl9DVR7xaAe_E;m;qUy=b^=?lk=RxU9uNOtE;IMD{#d>{P
zeEt7J)APf-a<l?pTDon}Si4@5=d7Tg;i<Vt9=(m-^kT*yYt}ozQnF?!y^!Jky?$oD
z<h_VJXC~ek*7FywZAkRE6Bd8UIp}9@!P5y{e!jeRs^;~#i=WKm4LUpN@}%T2<{!Zh
zcE7${-Wt5t<H7006N^r*X*J=uww9fB^u?8_yk!?=2j0t@{!MRI5%;B5qc4A@+svM5
zsOMEUH}${bnLgQe34d(->b-tD1vjyt-CDImS?gdm+wY~TQe-tfEN?KKOKRS<_`}<;
z(N}H4#lFwff1H1N-`Rj`jO(X1X-k%7EiCKMjttyW_G{LWmcQ}6#y!>bGGDjujj}pt
p!{6Lxd8au3@dTOVDYs{z3^^<IT<ah2sy~1DQyW$bJ1{XY008!3xYz&y

literal 0
HcmV?d00001

diff --git a/resources/views/master.blade.php b/resources/views/master.blade.php
index 321a8492..5bcda454 100644
--- a/resources/views/master.blade.php
+++ b/resources/views/master.blade.php
@@ -47,20 +47,7 @@
 </footer>
 @if (config('app.piwik') === true)
 <!-- Piwik -->
-<script type="text/javascript">
-    var _paq = _paq || [];
-    // tracker methods like "setCustomDimension" should be called before "trackPageView"
-    _paq.push(['trackPageView']);
-    _paq.push(['enableLinkTracking']);
-    (function() {
-        var u="https://analytics.jmb.lv/";
-        _paq.push(['setTrackerUrl', u+'piwik.php']);
-        _paq.push(['setSiteId', '1']);
-        var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
-        g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
-    })();
-</script>
-<!-- End Piwik Code -->
+<script defer src="/assets/js/piwik.js"></script>
 @endif
 </body>
 </html>

From 005e373043f717d6bfe74573570dd5c0a776519d Mon Sep 17 00:00:00 2001
From: Jonny Barnes <jonny@jonnybarnes.uk>
Date: Tue, 7 Mar 2017 20:07:46 +0000
Subject: [PATCH 3/3] Pull in the external piwik.js manually

---
 changelog.md                     |   3 +++
 public/assets/js/piwik.js        |   9 ++-------
 public/assets/js/piwik.js.br     | Bin 281 -> 173 bytes
 public/assets/js/piwik.js.gz     | Bin 380 -> 238 bytes
 resources/views/master.blade.php |   3 ++-
 5 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/changelog.md b/changelog.md
index 1db4f776..a6fe7f33 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,8 @@
 # Changelog
 
+## Version 0.3.6 (2017-03-07)
+  - Pull in Piwik’s own piwik.js manually, again for CSP
+
 ## Version 0.3.5 (2017-03-07)
   - Move piwik code into its own js file to allow for CSP
 
diff --git a/public/assets/js/piwik.js b/public/assets/js/piwik.js
index 2a83251b..37378758 100644
--- a/public/assets/js/piwik.js
+++ b/public/assets/js/piwik.js
@@ -4,10 +4,5 @@ var _paq = _paq || [];
 // tracker methods like "setCustomDimension" should be called before "trackPageView"
 _paq.push(['trackPageView']);
 _paq.push(['enableLinkTracking']);
-(function() {
-    var u="https://analytics.jmb.lv/";
-    _paq.push(['setTrackerUrl', u+'piwik.php']);
-    _paq.push(['setSiteId', '1']);
-    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
-    g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
-})();
+_paq.push(['setTrackerUrl', 'https://analytics.jmb.lv/piwik.php']);
+_paq.push(['setSiteId', '1']);
diff --git a/public/assets/js/piwik.js.br b/public/assets/js/piwik.js.br
index 3a641e17d966633544f4cec2e020ab039328cb4f..9498983a9fc9e2caabdf23e2677687aaa6b1ca3a 100644
GIT binary patch
literal 173
zcmb34Wn@UX6SI8Ded$gAO7iC&X<R+yZNuOC)w|iQF?G3bW}W6VJ@2zv)#R3!UP>-i
ziYhFR?av+Bad+<7mtv=87Q9Y*ZM0DEjD^4($%5h)ea}RA0%ut|9s2H`<#t4>^z}0T
zg1R+@OK;o0n>}UutHM=t&lO5GG=0iumJpnOccvZhuMoi>41U#WrD30E+a+Jt-YZr$
hH7un1;#rfmx-oVo3N0_}XP+{!ee`i*oxi`b764PRRNw#r

literal 281
zcmb2PXJVMcTK4!fv-jZ>eUeU-zgGE2sn|xYTBfmWz4lSHkf*Z~Ogau-yLmD9uj;~0
z=jMHQb~ArQn*W(Oq02KE8~1KWik;sybNdDVEn*J>7<T7w`~Ko~&ZC#Q%|b6lCwxpd
zK5nL0*|&UWk=mBhpw~t*$A3;;be<{i*{rvIe0;5GoDaUcYjr4mOgQv{^W6Lf?OS=<
z@}1_by5l$1?|Ft~L(`{hwE(5xYpiFp)gDni%wBNi`VtQx7h~UqL(f`owXF&(Ft%U2
zcXQ3UwiO%fs=tIhi@jpL>Zxh2A&b37@I}{|llZ-6ABjr}c;9cwdsq2ZcGeyFOLuz>
rZ!NT$-Tz_9`44HGtZF?1b0)gATy&Lg$>L9SNPXw?<;vQxE0kCPs~e6b

diff --git a/public/assets/js/piwik.js.gz b/public/assets/js/piwik.js.gz
index fb511a83f581aeb306c40ae5dfe990f41434bd66..c218f0d16bb2474f7220cee3e3ab97b660f470de 100644
GIT binary patch
literal 238
zcmb2|=3oE;Cg$9Lqg8JbIPN~zTv7eGH1hVHUAwbeW*R)4E`8$1?*6>2+0BP7TNGo0
znu`>;moTkMT&NbH=oY{(xH;QFGf;G)<19xOYxC(3WP>kpHC2TiXz%}b_}h(=-5)+}
zljNC}C8%mCmJnb(oy*`U$K<A6!Ch9Hz1h}I*gRQbrnY6PgktB6!WW@2h8c2ecgV!-
zQ_t~XJIuU#-;|txsqdmQ-{mHLjuy=oF`hT+Y<_!f%If`5ETtibAFX?^Gj+!4ki9uA
ti7Co?nyQ<kj6Z5!ceej?Zq@le@z!}BA2nppt?xZmdsNeMuOA}=0{|R=YJUI#

literal 380
zcmb2|=3oE;Cg$9Uq5E$e@EpDWS@Vmu>fLu-{mE%*Y}W&YmoAGeO8jv5`4^*>$Dh9o
z_PTwTG|hy)$l=g~>3mjgl9DVR7xaAe_E;m;qUy=b^=?lk=RxU9uNOtE;IMD{#d>{P
zeEt7J)APf-a<l?pTDon}Si4@5=d7Tg;i<Vt9=(m-^kT*yYt}ozQnF?!y^!Jky?$oD
z<h_VJXC~ek*7FywZAkRE6Bd8UIp}9@!P5y{e!jeRs^;~#i=WKm4LUpN@}%T2<{!Zh
zcE7${-Wt5t<H7006N^r*X*J=uww9fB^u?8_yk!?=2j0t@{!MRI5%;B5qc4A@+svM5
zsOMEUH}${bnLgQe34d(->b-tD1vjyt-CDImS?gdm+wY~TQe-tfEN?KKOKRS<_`}<;
z(N}H4#lFwff1H1N-`Rj`jO(X1X-k%7EiCKMjttyW_G{LWmcQ}6#y!>bGGDjujj}pt
p!{6Lxd8au3@dTOVDYs{z3^^<IT<ah2sy~1DQyW$bJ1{XY008!3xYz&y

diff --git a/resources/views/master.blade.php b/resources/views/master.blade.php
index 5bcda454..2ee7e08d 100644
--- a/resources/views/master.blade.php
+++ b/resources/views/master.blade.php
@@ -47,7 +47,8 @@
 </footer>
 @if (config('app.piwik') === true)
 <!-- Piwik -->
-<script defer src="/assets/js/piwik.js"></script>
+<script defer src="https://analytics.jmb.lv/piwik.js"></script>
+<script src="/assets/js/piwik.js"></script>
 @endif
 </body>
 </html>