Google Tag Manager and Discourse CSP (Content Security Policy)

Discourse · April 27, 2021, 7:03pm

Discourse uses a ‘strict-dynamic’ Content Security Policy, and attaches a nonce to the root GTM script.

That means that, in the vast majority of cases, no extra configuration is required. strict-dynamic will automatically trust any scripts you load via GTM.

If you use GTM Custom JavaScript Variables, then you will need to add 'unsafe-eval' to the content security policy script src site setting. Or alternatively, update your GTM configuration to use ‘Custom Templates’ instead of ‘Custom Variables’.

Last edited by @kelv 2024-12-10T10:11:47Z

Check document
Perform check on document:

Topic		Replies	Views
Google Tag Manager (gtm) script blocked by CSP Data & reporting analytics	4	3668	July 3, 2023
GTM Refused to load the script because it violates the Content Security Policy Data & reporting	3	2977	June 16, 2021
Is there an option to get server-side generated CSP nonce for non-GTM scripts? Support pr-welcome	4	1427	July 27, 2022
Push custom events to Google Tag Manager and Analytics Integrations how-to	1	6618	December 10, 2024
Cant get google tag manager to work Data & reporting analytics	6	1401	September 29, 2023

Google Tag Manager and Discourse CSP (Content Security Policy)

Related topics