- 🇮🇳India AswathyAjish
I am also having this same issue. I have tried the patch in #6, but no use.
Is there any other solution?
- 🇬🇧United Kingdom Alina Basarabeanu
Patch #6 is working fine on Drupal 10.1.6 with Seckit 2.0.1
- Status changed to RTBC
about 1 year ago 11:36am 5 December 2023 - 🇺🇸United States brad.bulger
I was getting the same error, and what fixed it for me was using www.googletagmanager.com rather than googletagmanager.com, even though theoretically the www. version is supposed to match the simple domain version.
I applied the patch but it did not change this - using googletagmanager.com in script-src-elem explicitly produced the same error.
- First commit to issue fork.
- 🇬🇧United Kingdom somersoft
Extended the merge request to include
script-src-attr
script-src-elem
style-src-attr
style-src-elemIn CSP reports. The D7 version of these changes is in ✨ "Directive style-src-elem violated." Active
- 🇬🇧United Kingdom somersoft
Patch file from the merge request is at https://git.drupalcode.org/project/seckit/-/merge_requests/11.diff and it patches seckit 2.0.3 too.
"drupal/seckit": { "CSP: Directive script-src-elem violated with googletagmanager - https://www.drupal.org/project/seckit/issues/3208781": "https://git.drupalcode.org/project/seckit/-/merge_requests/11.diff" }, - 🇬🇧United Kingdom the_g_bomb
Double check this isn't caused by a browser extension.
I have seen google blocked because a browser extension is causing the type of script to be mis-reported in the log files. e.g. seckit sees google as script-src, but the browser sees google as data: because the script is being changed in the browser extension.
It fails due to that, but the report still thinks it is being blocked because it isn't listed in the script-src.There should be no reason script-src-elem should be needed if you have script-src already.