Error de uso de GTM

Hola a todos,

cuando uso el ID del contenedor GTM preparado en nuestra configuración en la aplicación con el ID de GTM correcto (por ejemplo, GTM-XYZXYZ) y, por supuesto, agrego el dominio específico a la lista blanca (de acuerdo con el manual Integrating Google Tag Manager with Google Analytics), tengo un problema al cargar y obtener el script https://d1i8vaoc4ts7hj.cloudfront.net/5e3fcb4db448a78908a4671b6fb685c7acd13fa3_10854/dist/js-extra/VisitorAPI.js, llamado desde el script principal gtm.js, con el mensaje GET https://d1i8vaoc4ts7hj.cloudfront.net/5e3fcb4db448a78908a4671b6fb685c7acd13fa3_10854/dist/js-extra/VisitorAPI.js net::ERR_FAILED y {message: "remote script failed https://d1i8vaoc4ts7hj.cloudf…fb685c7acd13fa3_10854/dist/js-extra/VisitorAPI.js"}.

El segundo problema es el mismo y se origina en NetworkFirst.mjs: (Uncaught (in promise) no-response: no-response :: [{"url":"https://d1i8vaoc4ts7hj.cloudfront.net/5e3fcb4db448a78908a4671b6fb685c7acd13fa3_10854/dist/js-extra/VisitorAPI.js"}]).

¿Podría alguien darme un consejo?

Muchas gracias.
T

Can you try adding 'unsafe-inline' as Google’s support doc says? If it works, I can add it to our howto instructions.

So I should insert 'unsafe-inline' https://www.googletagmanager.com to content security policy script src array?

Maybe I don’t understand your reply. But it doesn’t work for me.

Yes, that’s what their doc says needs to be added.

2020-01-21_10-031275×326 24 KB

If that’s not permissive enough, you can try allowing anything starting with “https”.

image.png1264×476 23.4 KB

I had this problem recently and that’s what I did to fix it. I didn’t quite understand why it appeared. I added https: and unsafe-inline. Having it be so permissive seemed to be bypassing something that seems like it should be important, but this is what solved the problem.

It would seem like if Google requires this then the plugin should do it automatically. If my site broke, then I’d think that every site will break (when they upgrade again?).

GTM support isn’t a plugin, it’s a setting in core Discourse. There’s currently a note about CSP in the setting description.

But I’m guessing you’re thinking of the ad plugin, which is another story. It includes multiple ad options, all of them disabled when you install the plugin. Each setting should probably have a note about CSP so people know about it.

I’m guessing so too! I’ve tried not to learn about this. I don’t know the difference between GTM, Adsense, and DFP.

Maybe so. All I know is that a site had the Google Ads working and then there was an upgrade and then the stopped working. I got blamed.

If Google [ad manager|dfp|ad plugin|gtm] requires some CSP setting to change because [Google|Discourse] changed something, it’d be nice to, maybe, create one of those annoying Dashboard notices about it?