vue-gtm icon indicating copy to clipboard operation
vue-gtm copied to clipboard

Published 20 hours ago verified publisher icon gtm-support

Nonce not added as attribute

Open joerees opened this issue 1 year ago • 3 comments

This plugin does not apply the nonce attribute to the gtm script tag. when inspecting the script element in chrome I can see no nonce value added to the attributes list, however it is there as a property.

This is the following error breaking our CSP.

The source list for the Content Security Policy directive 'script-src' contains an invalid source: ''nonce-{{nonce}}''. It will be ignored.

Here is my implementation, is there a work around or fix ?


`import { createGtm, useGtm } from '@gtm-support/vue-gtm'
import analyticsFactory from '~/services/analytics/analyticsFactory'

export default defineNuxtPlugin((nuxtApp) => {
  const config = useRuntimeConfig()
  const nonce = useNonce()

  nuxtApp.vueApp.use(
    createGtm({
      id: 'XXXXXXXXXXX',
      enabled: true,
      nonce
    })
  )

  return {
    provide: {
      gtm: useGtm(),
      dataLayer: analyticsFactory()
    }
  }
})`

joerees avatar Feb 28 '24 09:02 joerees

Maybe you need to use this: https://github.com/gtm-support/vue-gtm/issues/209#issuecomment-1732417673

Shinigami92 avatar Feb 28 '24 10:02 Shinigami92

Tried this already but makes no difference, nonce does not get applied correctly

joerees avatar Feb 28 '24 11:02 joerees

Same here, nonce is not applied. Tried with both @gtm-support/vue-gtm and @zadigetvoltaire/nuxt-gtm.

dariasamo avatar Apr 03 '24 07:04 dariasamo