CSP: Directive script-src-elem violated with googletagmanager

CSP: Directive script-src-elem violated. Blocked URI: https://www.googletagmanager.com/gtm.js?id=GTM-M7H54VD. Data: stdClass Object ( [document-uri] => https://www.gavi.org/vaccineswork/what-are-viral-vector-based-vaccines-and-how-could-they-be-used-against-covid-19 [referrer] => https://www.google.com/ [violated-directive] => script-src-elem [effective-directive] => script-src-elem [original-policy] => script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.gstatic.com https://www.google.com https://platform-api.sharethis.com https://cdnjs.cloudflare.com https://bam.nr-data.net https://*.sharethis.com https://platform.twitter.com/widgets.js https://assets.juicer.io/embed.js https://static.addtoany.com/menu/page.js https://pagecdn.io/ https://maps.googleapis.com https://cdn.jsdelivr.net https://www.recaptcha.net https://platform.twitter.com/ *.salesforce.com *.force.com *.visualforce.com *.documentforce.com gavialliancecareers.secure.force.com https://optimize.google.com https://www.googleoptimize.com/ https://connect.facebook.net *.flowpaper.com; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://assets.juicer.io/embed.css https://fonts.googleapis.com/ https://tagmanager.google.com https://cdn.jsdelivr.net https://optimize.google.com *.flowpaper.com; img-src 'self' data: https:;; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com https://www.google.com https://*.sharethis.com https://c.sharethis.mgr.consensu.org/ https://datawrapper.dwcdn.net/ https://docs.google.com/ https://player.vimeo.com/ https://platform.twitter.com/ *.salesforce.com *.force.com *.visualforce.com *.documentforce.com gavialliancecareers.secure.force.com https://www.slideshare.net/ https://syndication.twitter.com/ https://optimize.google.com *.flowpaper.com https://counter.theconversation.com https://www.recaptcha.net; frame-ancestors 'self'; child-src blob:; font-src 'self' https://fonts.gstatic.com https://static.juicer.io https://www.slideshare.net/ https://use.typekit.net; report-uri /report-csp-violation; upgrade-insecure-requests [disposition] => enforce [blocked-uri] => https://www.googletagmanager.com/gtm.js?id=GTM-M7H54VD [status-code] => 0 [script-sample] => )

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Merge request !11CSP: Directive script-src-elem violation fixes → (Open) created by rajeshreeputra
Comment over 1 year ago →
🇮🇳India AswathyAjish
I am also having this same issue. I have tried the patch in #6, but no use.

Is there any other solution?
Comment about 1 year ago →
🇬🇧United Kingdom Alina Basarabeanu
Patch #6 is working fine on Drupal 10.1.6 with Seckit 2.0.1
Status changed to RTBC about 1 year ago11:36am 5 December 2023
Comment about 1 year ago →
🇬🇧United Kingdom Alina Basarabeanu
Comment 8 months ago →
🇧🇴Bolivia alvarito75 Cochabamba
So far for Drupal 10.2.4 patch #6 worked
Comment 2 months ago →
🇺🇸United States brad.bulger
I was getting the same error, and what fixed it for me was using www.googletagmanager.com rather than googletagmanager.com, even though theoretically the www. version is supposed to match the simple domain version.

I applied the patch but it did not change this - using googletagmanager.com in script-src-elem explicitly produced the same error.
First commit to issue fork.
Comment about 1 month ago →
🇬🇧United Kingdom somersoft
Extended the merge request to include
script-src-attr
script-src-elem
style-src-attr
style-src-elem

In CSP reports. The D7 version of these changes is in ✨ "Directive style-src-elem violated." Active

CSP: Directive script-src-elem violated with googletagmanager

Problem/Motivation

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Merge Requests

!11CSP: Directive script-src-elem violated with googletagmanager
Open

Comments & Activities

CSP: Directive script-src-elem violated with googletagmanager

Problem/Motivation

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Merge Requests

!11CSP: Directive script-src-elem violated with googletagmanagerOpen

Comments & Activities

!11CSP: Directive script-src-elem violated with googletagmanager
Open