feat(observability): remove umami to reduce complexity

Readme.md

@@ -9,7 +9,7 @@ stackFAST includes everything you need to build your App. Focus yourself on deve
 
 The blueprint contains the following features:
 - Authentication: Users can login, logout, register and reset their password. For increased security TOTP is available aswell.
-- Observability: The stack contains an Grafana+Prometheus instance for basic monitoring. You are able to add alerts and get notified on your phone. For web analytics umami is included, which is an lighweight self hosted alternative to google analytics.
+- Observability: The stack contains an Grafana+Prometheus instance for basic monitoring. You are able to add alerts and get notified on your phone. 
 - Mail: You are able to send mail with SMTP. You still need an external Mail Server, but a guide on how to set that up with a custom domain is included.
 - SSL: This is included by using traefik as reverse proxy. It handles SSL certificates automatically. Furthermore all services are accessible through subdomains. Best thing is, you can add your more with 3 lines of code
 - Actual Stack: SSG SvelteKit + Tailwindcss + DaisyUI + GO Backend for easy and fast feature development

handler/middleware/security_headers.go

@@ -15,14 +15,14 @@ func SecurityHeaders(serverSettings *types.Settings) func(http.Handler) http.Han
 			w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE")
 			w.Header().Set("Content-Security-Policy",
 				"default-src 'none'; "+
-					"script-src 'self' https://umami.me-fit.eu; "+
-					"connect-src 'self' https://umami.me-fit.eu; "+
+					"script-src 'self'; "+
+					"connect-src 'self'; "+
 					"img-src 'self'; "+
 					"style-src 'self'; "+
 					"form-action 'self'; "+
 					"frame-ancestors 'none'; ",
 			)
-			w.Header().Set("Cross-Origin-Resource-Policy", "same-site") // same-site, as same origin prohibits umami
+			w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
 			w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
 			w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
 			w.Header().Set("Permissions-Policy", "geolocation=(), camera=(), microphone=(), interest-cohort=()")

main_test.go

@@ -82,15 +82,15 @@ func TestIntegrationSecurityHeader(t *testing.T) {
 
 		value = resp.Header.Get("Content-Security-Policy")
 		assert.Equal(t, "default-src 'none'; "+
-			"script-src 'self' https://umami.me-fit.eu; "+
-			"connect-src 'self' https://umami.me-fit.eu; "+
+			"script-src 'self'; "+
+			"connect-src 'self'; "+
 			"img-src 'self'; "+
 			"style-src 'self'; "+
 			"form-action 'self'; "+
 			"frame-ancestors 'none';", value)
 
 		value = resp.Header.Get("Cross-Origin-Resource-Policy")
-		assert.Equal(t, "same-site", value)
+		assert.Equal(t, "same-origin", value)
 
 		value = resp.Header.Get("Cross-Origin-Opener-Policy")
 		assert.Equal(t, "same-origin", value)

template/layout.templ

@@ -1,6 +1,6 @@
 package template
 
-templ Layout(slot templ.Component, user templ.Component, environment string) {
+templ Layout(slot templ.Component, user templ.Component) {
 <!DOCTYPE html>
 <html lang="en">
 
@@ -10,9 +10,6 @@ templ Layout(slot templ.Component, user templ.Component, environment string) {
 	<link rel="icon" href="/static/favicon.svg" />
 	<link rel="stylesheet" href="/static/css/tailwind.css" />
 	<meta name="viewport" content="width=device-width, initial-scale=1" />
-	if environment == "prod" {
-	<script defer src="https://umami.me-fit.eu/script.js" data-website-id="3c8efb09-44e4-4372-8a1e-c3bc675cd89a"></script>
-	}
 	<meta name="htmx-config" content='{
 					"includeIndicatorStyles": false,
 					"selfRequestsOnly": true,