search

gtm-support / vue-gtm

Simple implementation of Google Tag Manager for Vue
https://www.npmjs.com/package/@gtm-support/vue-gtm
MIT License
192 stars 23 forks source link

Nonce not added as attribute #413

Closed joerees closed 1 month ago

joerees commented 4 months ago

This plugin does not apply the nonce attribute to the gtm script tag. when inspecting the script element in chrome I can see no nonce value added to the attributes list, however it is there as a property.

This is the following error breaking our CSP.

The source list for the Content Security Policy directive 'script-src' contains an invalid source: ''nonce-{{nonce}}''. It will be ignored.

Here is my implementation, is there a work around or fix ?


`import { createGtm, useGtm } from '@gtm-support/vue-gtm'
import analyticsFactory from '~/services/analytics/analyticsFactory'

export default defineNuxtPlugin((nuxtApp) => {
  const config = useRuntimeConfig()
  const nonce = useNonce()

  nuxtApp.vueApp.use(
    createGtm({
      id: 'XXXXXXXXXXX',
      enabled: true,
      nonce
    })
  )

  return {
    provide: {
      gtm: useGtm(),
      dataLayer: analyticsFactory()
    }
  }
})`
Shinigami92 commented 4 months ago

Maybe you need to use this: https://github.com/gtm-support/vue-gtm/issues/209#issuecomment-1732417673

joerees commented 4 months ago

Tried this already but makes no difference, nonce does not get applied correctly

dariasamo commented 3 months ago

Same here, nonce is not applied. Tried with both @gtm-support/vue-gtm and @zadigetvoltaire/nuxt-gtm.