timlrx / tailwind-nextjs-starter-blog

This is a Next.js, Tailwind CSS blogging starter template. Comes out of the box configured with the latest technologies to make technical writing a breeze. Easily configurable and customizable. Perfect as a replacement to existing Jekyll and Hugo individual blogs.
https://tailwind-nextjs-starter-blog.vercel.app/
MIT License
7.47k stars 1.88k forks

Google Tag manager violates Content Security Policy directive #353

Closed ezzcodeezzlife closed 2 years ago

ezzcodeezzlife commented 2 years ago

Describe the bug

After adding the analytics.googleAnalyticsId I get the following error:

Refused to load the script 'https://www.googletagmanager.com/gtag/js?id=G-XXXXXXXX' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' giscus.app". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

To Reproduce

Clone, install, add googleAnalyticsId and deploy to Vercel

Default ContentSecurityPolicy from next.config.js:

const ContentSecurityPolicy = `
  default-src 'self';
  img-src * blob: data:;
  style-src 'self' 'unsafe-inline' *.googleapis.com cdn.jsdelivr.net;
  script-src 'self' 'unsafe-eval' 'unsafe-inline' giscus.app;
  media-src 'none';
  connect-src *;
  font-src 'self' fonts.gstatic.com cdn.jsdelivr.net;
`

How can I fix it?

AlexanderZeilmann commented 2 years ago

See here: https://github.com/timlrx/tailwind-nextjs-starter-blog/issues/319

ezzcodeezzlife commented 2 years ago

Ah, my bad! Thanks for clearing it up!
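
Added example, not part of the thread or the project's code: a simplified evaluation of the policy quoted in the issue, showing why the gtag script is refused and how the `script-src-elem` to `script-src` fallback named in the error applies. The origin `https://blog.example` and the patched policy (adding `www.googletagmanager.com` to `script-src`) are assumptions for illustration; the thread itself only points to issue #319 for the fix.

```javascript
// Simplified CSP matching (schemes, hosts, 'self', *); ports and paths are ignored.
const ContentSecurityPolicy = `
  default-src 'self';
  img-src * blob: data:;
  style-src 'self' 'unsafe-inline' *.googleapis.com cdn.jsdelivr.net;
  script-src 'self' 'unsafe-eval' 'unsafe-inline' giscus.app;
  media-src 'none';
  connect-src *;
  font-src 'self' fonts.gstatic.com cdn.jsdelivr.net;
`

// Parse "name src src; ..." into { name: [sources] }; the first copy of a directive wins.
function parseCsp(policy) {
  const directives = Object.create(null)
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/)
    if (name && !(name.toLowerCase() in directives)) directives[name.toLowerCase()] = sources
  }
  return directives
}

// Match one source expression against a parsed URL.
function sourceMatches(expr, url, selfOrigin) {
  if (expr === '*') return ['http:', 'https:'].includes(url.protocol)
  if (expr === "'self'") return url.origin === selfOrigin
  if (expr.startsWith("'")) return false // 'unsafe-inline', 'none', ... never allow an external URL
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return url.protocol === expr.toLowerCase()
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(expr)
  if (!m) return false
  const [, scheme, host] = m
  // Assumption: the protected page is served over HTTPS, so scheme-less hosts match https only.
  const wanted = scheme ? scheme.toLowerCase() + ':' : 'https:'
  if (url.protocol !== wanted) return false
  const h = host.toLowerCase()
  return h.startsWith('*.') ? url.hostname.endsWith(h.slice(1)) : url.hostname === h
}

// <script src> is governed by script-src-elem, then script-src, then default-src.
function scriptAllowed(policy, scriptUrl, selfOrigin) {
  const d = parseCsp(policy)
  const sources = d['script-src-elem'] || d['script-src'] || d['default-src']
  if (!sources) return true // no applicable directive, nothing restricts scripts
  const url = new URL(scriptUrl)
  return sources.some((s) => sourceMatches(s, url, selfOrigin))
}

const gtag = 'https://www.googletagmanager.com/gtag/js?id=G-XXXXXXXX'
const site = 'https://blog.example' // constructed origin for the deployed blog
const patched = ContentSecurityPolicy.replace('giscus.app;', 'giscus.app www.googletagmanager.com;')
console.log(scriptAllowed(ContentSecurityPolicy, gtag, site), scriptAllowed(patched, gtag, site))
```

Listing the exact host keeps the allowlist as narrow as the rest of the policy's `script-src`.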