Google Tag Manager (gtm) script blocked by CSP

Hi there!

I’m having a hard time figuring out why our GTM script is being blocked by our CSP:

Here’s the script:

<!-- Google Tag Manager -->
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
<!-- End Google Tag Manager -->

I’m following the instructions here to add GTM to discourse. I’ve removed the GA ID as stated in the article, as well as added to our allowlist.

Any ideas?

1 Like

did you see this topic?


Hey @Lilly! I didn’t see that topic in particular, but I did follow the documentation that it links to. I’ve allowlisted :thinking:


Hi Ty,

It looks like you have a few scripts being blocked at the moment that you’ll want to add to your CSP:

I also see that you’re getting a nonce error in the console. Have you tried configuring GTM to handle those?

One last thing I would try is to add https://* to your allowlist.


Thanks a bunch for jumping in here @MarkDoerr!

I’ll need to reach out to the team that handles these scripts and mention nonce handling as well, thanks for pointing these out!

Odd, with either or https://* allowlisted there aren’t any CSP related errors for the GTM script in particular in Brave nor Safari, just Chrome and Firefox.