jagaapple / next-secure-headers

Sets secure response headers for Next.js.
MIT License
317 stars 13 forks source link

Google Analytics & Adsense errors #51

Open BernardA opened 3 years ago

BernardA commented 3 years ago

💩 Bug Report

A summary of the bug

I set up next.config.js as below aiming at allowing the regular scripts from Analytics and Adsense but getting a number of errors.

I tried adding some of the origins to the config, but how can one be sure to have included all origins that Google may include.

Current behavior

With the following code at `next.config.js:

   async headers() {
    return [
        {
            source: '/(.*)',
            headers: createSecureHeaders({
                contentSecurityPolicy: {
                    directives: {
                        scriptSrc: [
                            "'self'",
                            'https://www.googletagmanager.com',
                            'https://pagead2.googlesyndication.com',
                            'https://partner.googleadservices.com',
                        ],
                    },
                },
            }),
        },
    ];
},

Getting these errors:

Screenshot 2021-06-20 at 12 34 17

To Reproduce

Code above

Expected behavior

Load scripts while keeping secure headers.

Environment

Additional context

Add any other context about the problem here, or a screenshot if applicable.