I’m having a hard time figuring out why our GTM script is being blocked by our CSP:
Here’s the script:
<!-- Google Tag Manager -->
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s),
<!-- End Google Tag Manager -->
I’m following the instructions here to add GTM to discourse. I’ve removed the GA ID as stated in the article, as well as added
https://www.googletagmanager.com to our allowlist.
Hey @Lilly! I didn’t see that topic in particular, but I did follow the documentation that it links to. I’ve allowlisted
It looks like you have a few scripts being blocked at the moment that you’ll want to add to your CSP:
I also see that you’re getting a nonce error in the console. Have you tried configuring GTM to handle those?
One last thing I would try is to add
https://*.googletagmanager.com to your allowlist.
Thanks a bunch for jumping in here @MarkDoerr!
I’ll need to reach out to the team that handles these scripts and mention
nonce handling as well, thanks for pointing these out!
Odd, with either
https://*.googletagmanager.com allowlisted there aren’t any CSP related errors for the GTM script in particular in Brave nor Safari, just Chrome and Firefox.