Google analytics.js and Content Security Policy

后端 未结 3 1356
Happy的楠姐
Happy的楠姐 2021-02-03 22:56

I have a web app using the default html5boilerplate Content Security Policy.

However, we have the new Google analytics.js snippet on the page, which is being blocked by

3条回答
  •  时光说笑
    2021-02-03 23:41

    You seem to have CSP headers setup on your web app, where Google Analytics domains are not white-listed yet. All the requests that the client makes to external domains should be explicitly white-listed. (This is a good reference: https://hacks.mozilla.org/2016/02/implementing-content-security-policy/).

    The CSP errors you see on the browser console are quite descriptive about what has to be white-listed in your CSP header.

    For example, for this case,

    Refused to load the image 'https://www.google.co.in/...' because it violates the following Content Security Policy directive: "img-src ".

    this would solve the error:

    img-src https://www.google.co.in  
    

提交回复
热议问题