Magento 2.4.5-p8 with CSP on scripts inserted by Google Tag Manager

  Kiến thức lập trình

We’re updating our Magento from 2.4.5-p7 to 2.4.5-p8.

As you know, in Magento 2.4.5-p8 the CSP on the checkout page is now restrict mode instead of report-only.

We know now that the scripts inserted through our magento’s modules/theme must be rendered using the $secureRenderer (example in the image below)
SecureRenderer working well

And the external domains must be added as whitelist (example in the image below)
whitelist working well

But we still have problem loading scripts through Google Tag Manager.
It’s reporting that the inline script will not be loaded (example in the image below)
csp error on loading the GTM script
The script (example in the image below)
GTM script we are tying do load

References:
https://experienceleague.adobe.com/en/docs/commerce-operations/release/notes/security-patches/2-4-5-patches
https://developer.adobe.com/commerce/php/development/security/content-security-policies/

How can we insert a script through GTM while preserving the CSP?

I don’t have any clue of how can I load a script through GTM.

  • javascript
  • google-tag-manager
  • magento2
  • content-security-policy

Theme wordpress giá rẻ Theme wordpress giá rẻ Thiết kế website

LEAVE A COMMENT