GTM usage error

Hello to everyone,

when I use prepared gtm container id in our settings in app with correctly GTM ID (f.e. GTM-XYZXYZ) and of course I add specific domain to white list (according to Set up Google Tag Manager for Analytics (GA4) manual) then I have a problem with loading and fetching https://d1i8vaoc4ts7hj.cloudfront.net/5e3fcb4db448a78908a4671b6fb685c7acd13fa3_10854/dist/js-extra/VisitorAPI.js script called from gtm.js core script with message GET https://d1i8vaoc4ts7hj.cloudfront.net/5e3fcb4db448a78908a4671b6fb685c7acd13fa3_10854/dist/js-extra/VisitorAPI.js net::ERR_FAILED and {message: "remote script failed https://d1i8vaoc4ts7hj.cloudf…fb685c7acd13fa3_10854/dist/js-extra/VisitorAPI.js"}.

Second same problem with this is called from NetworkFirst.mjs (Uncaught (in promise) no-response: no-response :: [{"url":"https://d1i8vaoc4ts7hj.cloudfront.net/5e3fcb4db448a78908a4671b6fb685c7acd13fa3_10854/dist/js-extra/VisitorAPI.js"}]).

Could someone give me advice?

Thx a lot.
T

Can you try adding 'unsafe-inline' as Google’s support doc says? If it works, I can add it to our howto instructions.

4 Likes

So I should insert 'unsafe-inline' https://www.googletagmanager.com to content security policy script src array?

Maybe I don’t understand your reply. But it doesn’t work for me.

Yes, that’s what their doc says needs to be added.

If that’s not permissive enough, you can try allowing anything starting with “https”.

2 Likes

I had this problem recently and that’s what I did to fix it. I didn’t quite understand why it appeared. I added https: and unsafe-inline. Having it be so permissive seemed to be bypassing something that seems like it should be important, but this is what solved the problem.

It would seem like if Google requires this then the plugin should do it automatically. If my site broke, then I’d think that every site will break (when they upgrade again?).

1 Like

GTM support isn’t a plugin, it’s a setting in core Discourse. There’s currently a note about CSP in the setting description.

But I’m guessing you’re thinking of the ad plugin, which is another story. It includes multiple ad options, all of them disabled when you install the plugin. Each setting should probably have a note about CSP so people know about it.

2 Likes

I’m guessing so too! I’ve tried not to learn about this. I don’t know the difference between GTM, Adsense, and DFP. :wink:

Maybe so. All I know is that a site had the Google Ads working and then there was an upgrade and then the stopped working. I got blamed.

If Google [ad manager|dfp|ad plugin|gtm] requires some CSP setting to change because [Google|Discourse] changed something, it’d be nice to, maybe, create one of those annoying Dashboard notices about it?