Comments (10)
@Shinigami92 see a live example of this not working here: https://codesandbox.io/s/hopeful-tharp-tvv97x?file=/src/main.js
from vue-gtm.
@Orrison you can ignore the comment. Someone posted a comment (you can read the comment in the quote of my previous post) and then deleted the comment again. I assume because they realized that the question was incorrect at all.
That deletion just confused you, sorry for that 🙂
from vue-gtm.
There are tests
Line 129 in 18fd337
Could you please check if the test does not fulfill some expectations you have?
Maybe we need to add another test with some specific configurations?
from vue-gtm.
@Shinigami92 hmm, that test seems to make sense and validate the expectation I would have. But this does not seem to be happening in practice outside of tests.
My configuration is simple, only slightly different from the documentation.
import { createApp } from 'vue';
import App from './App.vue';
import { IonicVue } from '@ionic/vue';
import { createPinia } from 'pinia';
import router from './router';
const pinia = createPinia();
const app = createApp(App)
.use(IonicVue)
.use(pinia)
.use(router)
.use(
createGtm({
id: 'GTM-DEMO',
enabled: true,
loadScript: true,
vueRouter: router,
nonce: '2726c7f26c',
})
);
With this configuration, the output script tag does NOT include the nonce
in practice.
<script async="" src="https://www.googletagmanager.com/gtm.js?id=GTM-DEMO"></script>
Even if I remove all my other configuration to simplify this:
import { createApp } from 'vue';
import App from './App.vue';
const app = createApp(App)
.use(
createGtm({
id: 'GTM-DEMO',
enabled: true,
loadScript: true,
vueRouter: router,
nonce: '2726c7f26c',
})
);
Sidebar: I was wrong about defer
, that is working as expected.
from vue-gtm.
Here the nonce will be set: https://github.com/gtm-support/core/blob/9391b2d691dcff0dd75446c4ddbce3b916e60652/src/utils.ts#L95-L97
I tried to tracked the path, but just in GitHub without checking out the project
To me I could not identify any issue 🤔
Would you like to checkout the repo (core) and try to debug it? It's really not much code, you just need to track down the options
with nonce
.
from vue-gtm.
@Shinigami92 As a a side note, if I understand the vue-gtm code base correctly, the script is only added in a browser context anyways, so the purpose of using a CSP nonce is kinda defeated or not?
I just quickly read through https://content-security-policy.com/nonce/ to check what CSP nonce are.
Based on that, I'm not sure what you mean by that it is defeated 🤔
from vue-gtm.
@Shinigami92 As a a side note, if I understand the vue-gtm code base correctly, the script is only added in a browser context anyways, so the purpose of using a CSP nonce is kinda defeated or not?
I just quickly read through https://content-security-policy.com/nonce/ to check what CSP nonce are. Based on that, I'm not sure what you mean by that it is defeated 🤔
Hey @Shinigami92, unsure of which comment you are replying to here.
The intention of a nonce is to generate it every time on the page load server side and supply it to the GTAG script so that it can set the nonce for the scripts it contains.
This provides security and is a great way to have a robust CSP policy while still allowing GTAG managers to add scripts without consulting development.
This package offers a option to set nonce
and says "// Will add nonce
to the script tag". Though the test is passing it seems that in a real usage, the nonce is not being set on the Script tag created by the package . As you can see in my example above.
By setting the nonce attribute on the script tag calling the GTAG, GTAG is able to supply that to the scripts it will load onto the page. This is a GTAG functionality that works in any other context where a GTAG script is loaded onto the page and executed.
from vue-gtm.
@Orrison you can ignore the comment. Someone posted a comment (you can read the comment in the quote of my previous post) and then deleted the comment again. I assume because they realized that the question was incorrect at all. That deletion just confused you, sorry for that 🙂
Got it, no problem at all!
from vue-gtm.
Related Issues (20)
- Bug: Vue2 npm ERR! ERESOLVE could not resolve HOT 3
- How to add content_group
- Bug: Plugin is not working with stream ID HOT 1
- Error : You may need an appropriate loader to handle this file type HOT 5
- Bug: last custom property is persisted HOT 2
- Using in Nuxt 3 project. `page_view` works, but `trackEvent` doesn't HOT 5
- Bug: My GTM tag starts with G instead of GTM HOT 1
- How to properly access `cid` value ? HOT 1
- Bug: cannot install with vue@^3.2.0 HOT 4
- Bug: Can you please update to allow Google IDs to begin with G- HOT 1
- SSR support?
- Google Tag Manager tag is not firing when viewing the page; we have to reload the pageBug: HOT 3
- Add ability to load local gtm.js HOT 1
- Bug: Module pushes events to the datalayer that are empty with the name "interaction"
- Bug: The GTM Tag ID shows as "G-XXXXXXX", "UA-XXXXXX" or "AW-XXXXXXX" not GTM-XXXXXX HOT 2
- PartyTown support HOT 1
- Bug: router can not be passed to the plugin because the corresponding property doesn
- Bug: router can not be passed to the plugin because the corresponding property doesn't exist HOT 2
- Nonce not added as attribute HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vue-gtm.