Trying to get CSP working for pesky google tag manager

ZermattChris · Apr 17, 2023 · 9786f12 · 9786f12
1 parent 55b7f5d
commit 9786f12
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/public/_headers b/public/_headers
@@ -7,7 +7,7 @@
   Access-Control-Allow-Origin: *
   # Access-Control-Allow-Headers: 'Origin, X-Requested-With, Content-Type, Accept'
 
-  Content-Security-Policy: default-src 'self';   base-uri 'self';   object-src 'none';   connect-src https://*.simpleitsolutions.ch https://gateway.flyzermatt.com/ https://*.bugsnag.com;   font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com;   frame-src https://js.stripe.com  https://player.vimeo.com;    img-src 'self' www.googletagmanager.com;   script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.stripe.com/v3 https://polyfill.io/v3/polyfill.min.js https://www.googletagmanager.com;   style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/@mdi/font@latest/css/ https://fonts.googleapis.com/;   worker-src 'none';   child-src 'none';   form-action 'self';   frame-ancestors 'self';   upgrade-insecure-requests;
+  Content-Security-Policy: default-src 'self';   base-uri 'self';   object-src 'none';   connect-src https://*.simpleitsolutions.ch https://gateway.flyzermatt.com/ https://*.bugsnag.com;   font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com;   frame-src https://js.stripe.com  https://player.vimeo.com;    img-src 'self';   script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.stripe.com/v3 https://polyfill.io/v3/polyfill.min.js https://www.googletagmanager.com/gtm.js;   style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/@mdi/font@latest/css/ https://fonts.googleapis.com/;   worker-src 'none';   child-src 'none';   form-action 'self';   frame-ancestors 'self';   upgrade-insecure-requests;
 
   Referrer-Policy: strict-origin