Merge branch 'csp-index-stats' into 'stable-3.1'

Set DirectoryIndex and unset CSP for /stats

See merge request ispconfig/ispconfig3!1071

Author: Marius Burkard

server/conf/nginx_vhost.conf.master

@@ -168,6 +168,7 @@ server {
             index index.html index.php;
             auth_basic "Members Only";
             auth_basic_user_file <tmpl_var name='stats_auth_passwd_file'>;
+            add_header Content-Security-Policy "default-src * 'self' 'unsafe-inline';";
         }
 
         location ^~ /awstats-icon {

server/plugins-available/apache2_plugin.inc.php

@@ -1865,7 +1865,7 @@ function update($event_name, $data) {
 
 		if($data['new']['stats_type'] != '') {
 			if(!is_dir($data['new']['document_root'].'/' . $web_folder . '/stats')) $app->system->mkdir($data['new']['document_root'].'/' . $web_folder . '/stats');
-			$ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$data['new']['document_root']."/web/stats/.htpasswd_stats\nrequire valid-user";
+			$ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$data['new']['document_root']."/web/stats/.htpasswd_stats\nrequire valid-user\nDirectoryIndex index.html index.php\nHeader unset Content-Security-Policy";
 			$app->system->file_put_contents($data['new']['document_root'].'/' . $web_folder . '/stats/.htaccess', $ht_file);
 			$app->system->chmod($data['new']['document_root'].'/' . $web_folder . '/stats/.htaccess', 0755);
 			unset($ht_file);