This is a feature request and not a bug report. Otherwise, please create a new bug report instead.
Please check to see if this request (or a similar one) already exists.
It's a single feature. Please don't request multiple features in one issue.
Describe the feature you'd like
There is LEMMY_UI_CUSTOM_HTML_HEADER to include custom code in the head of a lemmy-ui instance, but if the JavaScript code to be loaded is from a different domain name, the CSP directive prevents that code from executing.
For example, I have successfully included my custom Matomo tracking code which is hosted under a different domain name with the LEMMY_UI_CUSTOM_HTML_HEADER header but the CSP flags it and prevents the execution. You can verify this error by heading over to my instance https://forumrs.com/ and examining the console output yourself.
I will post a screenshot of the error here:
It is possible to bypass the CSP directive entirely with LEMMY_UI_DISABLE_CSP, but it poses a security risk. I have not tried this, but I am assuming that with this option the code would execute.
Maybe a solution to this would be to provide another environment variable that would indicate a list of domain names from which code execution would be enabled with the security header, but I would leave this up to the developers to decide how to achieve this. This is certainly a problem preventing me from tracking the website traffic.
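The allow-list idea requested above, sketched as an added example that is not part of the original issue and not lemmy-ui code: extra origins are validated strictly and appended to specific CSP directives, so the policy stays enabled. The base policy, the function names and the `EXTRA_CSP_ORIGINS` variable are assumptions made for illustration.

```javascript
// Constructed base policy for illustration; not lemmy-ui's actual policy.
const BASE_POLICY = {
  "default-src": ["'self'"],
  "script-src": ["'self'"],
  "connect-src": ["'self'"],
  "img-src": ["'self'", "data:"],
};

// Accept only exact https origins: no wildcards, paths, credentials or
// CSP keywords, and nothing that could smuggle a ';' into the header.
function parseAllowedOrigins(raw) {
  const origins = [];
  for (const item of (raw || "").split(/[\s,]+/).filter(Boolean)) {
    let url;
    try {
      url = new URL(item);
    } catch {
      throw new Error(`not a URL origin: ${item}`);
    }
    if (url.protocol !== "https:") throw new Error(`https required: ${item}`);
    if (!/^[a-z0-9.-]+$/.test(url.hostname)) throw new Error(`invalid host: ${item}`);
    if (url.username || url.password || url.pathname !== "/" || url.search || url.hash) {
      throw new Error(`origin only, no path or query: ${item}`);
    }
    if (!origins.includes(url.origin)) origins.push(url.origin);
  }
  return origins;
}

// Append validated origins to the chosen directives and serialize the header value.
// A tracker that also sends beacons needs its origin in connect-src or img-src too.
function buildCsp(rawOrigins, directives = ["script-src"]) {
  const extra = parseAllowedOrigins(rawOrigins);
  return Object.entries(BASE_POLICY)
    .map(([name, sources]) =>
      [name, ...sources, ...(directives.includes(name) ? extra : [])].join(" "))
    .join("; ");
}

// EXTRA_CSP_ORIGINS is a hypothetical variable name, not a lemmy-ui option.
console.log(buildCsp(process.env.EXTRA_CSP_ORIGINS || "https://analytics.example.com"));
```

Rejecting a bad entry at startup, rather than silently dropping it, keeps a typo from widening or quietly narrowing the policy.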