From ea87d48cd1fb9ca6fe333ebd15767415e14770d0 Mon Sep 17 00:00:00 2001
From: Fabrice Gangler <fabrice.gangler@adullact.org>
Date: Tue, 7 Sep 2021 15:44:07 +0200
Subject: [PATCH] DOC(dev): update Security_CSP_headers/* (PROD website)

---
 .../Security_CSP_headers/CSP_matomo_hash.php  | 21 +++++++++++++++----
 .../DEV_matomo-loader.txt                     | 17 ++++++++-------
 2 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/Documentation/doc_for-developer/Security_CSP_headers/CSP_matomo_hash.php b/Documentation/doc_for-developer/Security_CSP_headers/CSP_matomo_hash.php
index 35f8a97..b837f73 100644
--- a/Documentation/doc_for-developer/Security_CSP_headers/CSP_matomo_hash.php
+++ b/Documentation/doc_for-developer/Security_CSP_headers/CSP_matomo_hash.php
@@ -2,7 +2,8 @@
 
 $cspAlgo = 'sha256';
 $matomoUrl = 'https://statistiques.adullact.org/';
-$matomoWebsiteId = 14;
+$matomoWebsiteId = 14; // DEV website
+$matomoWebsiteId = 7;  // PROD website
 $matomoJs = "
 var _paq = window._paq || [];
 _paq.push(['trackPageView']);
@@ -23,13 +24,23 @@ function embedTrackingCode(){
 ////////////////////////////////////////////////
 $outputMatomoJs = trim("$matomoJs");
 $outputMatomoJsMinified = trim("$matomoJs");
-$outputMatomoJsMinified = str_replace(" ",  "","$outputMatomoJsMinified");
+$outputMatomoJsMinified =  preg_replace('/\r\n/', '\n', $outputMatomoJsMinified);
+$outputMatomoJsMinified = str_replace("   ",  " ","$outputMatomoJsMinified");
+$outputMatomoJsMinified = str_replace("   ",  " ","$outputMatomoJsMinified");
+$outputMatomoJsMinified = str_replace("  ",  " ","$outputMatomoJsMinified");
+$outputMatomoJsMinified = str_replace("  ",  " ","$outputMatomoJsMinified");
+$outputMatomoJsMinified = str_replace("  ",  " ","$outputMatomoJsMinified");
 $outputMatomoJsMinified = str_replace("\n", "","$outputMatomoJsMinified");
 $outputMatomoJsMinified = str_replace("\t", "","$outputMatomoJsMinified");
 $outputMatomoJsMinified = str_replace("\r", "","$outputMatomoJsMinified");
+$outputMatomoJsMinified = str_replace("if (", "if(","$outputMatomoJsMinified");
+$outputMatomoJsMinified = str_replace("{ ", "{","$outputMatomoJsMinified");
+$outputMatomoJsMinified = str_replace("; ", ";","$outputMatomoJsMinified");
+$outputMatomoJsMinified = str_replace(", ", ",","$outputMatomoJsMinified");
 $outputMatomoJsMinified = trim("$outputMatomoJsMinified");
-$hashOfMatomoJs = hash("$cspAlgo", "\n$outputMatomoJs\n");
-$hashOfMatomoJsMinified = hash("$cspAlgo", "$outputMatomoJsMinified");
+
+$hashOfMatomoJs = base64_encode(hash("$cspAlgo", "\n$outputMatomoJs\n", true));
+$hashOfMatomoJsMinified = base64_encode(hash("$cspAlgo", "$outputMatomoJsMinified", true));
 ////////////////////////////////////////////////
 $outputMatomoHml  = '';
 $outputMatomoHml .= "<!-- Matomo - Embedding JS file after load event -->\n";
@@ -58,6 +69,8 @@ function embedTrackingCode(){
 echo "\n\n------ Matomo HTML minified ------------------------------------\n";
 echo "$outputMatomoHmlMinified";
 echo "\n\n------------------------------------------\n";
+echo "$cspAlgo-$hashOfMatomoJsMinified";
+echo "\n\n------------------------------------------\n";
 
 
 
diff --git a/Documentation/doc_for-developer/Security_CSP_headers/DEV_matomo-loader.txt b/Documentation/doc_for-developer/Security_CSP_headers/DEV_matomo-loader.txt
index ed79aac..a1bf70f 100644
--- a/Documentation/doc_for-developer/Security_CSP_headers/DEV_matomo-loader.txt
+++ b/Documentation/doc_for-developer/Security_CSP_headers/DEV_matomo-loader.txt
@@ -7,7 +7,7 @@ _paq.push(['enableLinkTracking']);
 function embedTrackingCode(){
     var u='https://statistiques.adullact.org/';
     _paq.push(['setTrackerUrl', u+'matomo.php']);
-    _paq.push(['setSiteId', '14']);
+    _paq.push(['setSiteId', '7']);
     var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
     g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
 }
@@ -16,11 +16,11 @@ else if (window.attachEvent){ window.attachEvent('onload', embedTrackingCode);
 else                        { embedTrackingCode();                                       }
 
 ------ CSP hash for Matomo JS loader : sha256  ------------------------------------
-sha256-e6dbe537832f876680296da6f038b2e24584d50253fc8c8dc18241dbe1afb4e4
+sha256-Etwpv5PNlBw5TGvXiczIzK10QF33EIca/tawHsZfkwk=
 
 ------ Matomo HTML  ------------------------------------
 <!-- Matomo - Embedding JS file after load event -->
-<!--          CSP hash: sha256-e6dbe537832f876680296da6f038b2e24584d50253fc8c8dc18241dbe1afb4e4 -->
+<!--          CSP hash: sha256-Etwpv5PNlBw5TGvXiczIzK10QF33EIca/tawHsZfkwk= -->
 <script>
 var _paq = window._paq || [];
 _paq.push(['trackPageView']);
@@ -28,7 +28,7 @@ _paq.push(['enableLinkTracking']);
 function embedTrackingCode(){
     var u='https://statistiques.adullact.org/';
     _paq.push(['setTrackerUrl', u+'matomo.php']);
-    _paq.push(['setSiteId', '14']);
+    _paq.push(['setSiteId', '7']);
     var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
     g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
 }
@@ -39,12 +39,15 @@ else                        { embedTrackingCode();
 <!-- END Matomo -->
 
 ------ CSP hash for Matomo JS loader minified : sha256  ------------------------------------
-sha256-0dea72a0b69fffc3ae5b6ba5c3209d4f81d5d0abc310eedc7991249e44affd9c
+sha256-Oj7byVaFtnTXnxkJUhS8WcENCO4gmFgzKQ47r9DQhcU=
 
 ------ Matomo HTML minified ------------------------------------
 <!-- Matomo - Embedding JS file after load event -->
-<!--          CSP hash: sha256-0dea72a0b69fffc3ae5b6ba5c3209d4f81d5d0abc310eedc7991249e44affd9c -->
-<script>var_paq=window._paq||[];_paq.push(['trackPageView']);_paq.push(['enableLinkTracking']);functionembedTrackingCode(){varu='https://statistiques.adullact.org/';_paq.push(['setTrackerUrl',u+'matomo.php']);_paq.push(['setSiteId','14']);vard=document,g=d.createElement('script'),s=d.getElementsByTagName('script')[0];g.type='text/javascript';g.async=true;g.defer=true;g.src=u+'matomo.js';s.parentNode.insertBefore(g,s);}if(window.addEventListener){window.addEventListener('load',embedTrackingCode,false);}elseif(window.attachEvent){window.attachEvent('onload',embedTrackingCode);}else{embedTrackingCode();}</script>
+<!--          CSP hash: sha256-Oj7byVaFtnTXnxkJUhS8WcENCO4gmFgzKQ47r9DQhcU= -->
+<script>var _paq = window._paq || [];_paq.push(['trackPageView']);_paq.push(['enableLinkTracking']);function embedTrackingCode(){var u='https://statistiques.adullact.org/';_paq.push(['setTrackerUrl',u+'matomo.php']);_paq.push(['setSiteId','7']);var d=document,g=d.createElement('script'),s=d.getElementsByTagName('script')[0];g.type='text/javascript';g.async=true;g.defer=true;g.src=u+'matomo.js';s.parentNode.insertBefore(g,s);}if(window.addEventListener){window.addEventListener('load',embedTrackingCode,false);}else if(window.attachEvent){window.attachEvent('onload',embedTrackingCode);}else {embedTrackingCode();}</script>
 <!-- END Matomo -->
 
 ------------------------------------------
+sha256-Oj7byVaFtnTXnxkJUhS8WcENCO4gmFgzKQ47r9DQhcU=
+
+------------------------------------------
-- 
GitLab