Skip to content

Commit 13ad010

Browse files
authored
Merge pull request #49 from gethinode/develop
feat: support nonces
2 parents c4fdb9d + 92294bc commit 13ad010

File tree

3 files changed

+32
-3
lines changed

3 files changed

+32
-3
lines changed

README.md

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -66,6 +66,7 @@ This module supports the following parameters (see the section `params.modules`
6666
|---------------------------|---------|-------------|
6767
| GoogleAnalytics.force | false | Trigger to force include the analytics scripts, bypassing other settings. Use this setting for debugging and testing only. |
6868
| GoogleAnalytics.gcm | false | Trigger to enable Google Consent Mode v2 (advanced mode). |
69+
| GoogleAnalytics.nonce | false | Trigger to pass nonces to tag manager, only applicable when GCM is enabled. See [Google documentation][google-csp] for more details. |
6970

7071
## Google Consent Mode v2
7172

@@ -80,12 +81,19 @@ This module supports Google Consent Mode v2. Use the following parameters in you
8081
state = "immediate"
8182
category = "necessary"
8283
gcm = true
84+
nonce = false
8385
```
8486

87+
## Content Security Policy
88+
89+
The module includes the policies required for Google Tag Manager's Preview Mode and Google Analytics 4. Review [Google's Content Security Policy][google-csp] to review the settings required for Google Ads, Google Ads User Data Beacon, Floodlight, and Service Worker.
90+
91+
8592
<!-- MARKDOWN LINKS -->
8693
[hugo]: https://gohugo.io
8794
[hinode_docs]: https://gethinode.com
8895
[google-analytics]: https://marketingplatform.google.com
96+
[google-csp]: https://developers.google.com/tag-platform/security/guides/csp
8997
[repository]: https://github.com/gethinode/hinode.git
9098
[repository_template]: https://github.com/gethinode/template.git
9199
[conventionalcommits]: https://www.conventionalcommits.org

assets/js/modules/googleanalytics/googleanalytics.js

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,10 @@ gtag("set", "url_passthrough", true);
3232
dl = l != 'dataLayer' ? '&l=' + l : ''
3333
j.async = true
3434
j.src = 'https://www.googletagmanager.com/gtm.js?id=' + i + dl
35+
{{ if site.Params.modules.GoogleAnalytics.nonce }}
36+
var n = d.querySelector('[nonce]')
37+
n && j.setAttribute('nonce', n.nonce || n.getAttribute('nonce'))
38+
{{ end }}
3539
f.parentNode.insertBefore(j, f)
3640
})(window, document, 'script', 'dataLayer', '{{ upper (. | urlize) }}')
3741
{{ else }}

config.toml

Lines changed: 20 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -18,18 +18,23 @@
1818
state = "async"
1919
category = "analytics"
2020
gcm = false
21+
nonce = false
2122

2223
# use the following setings when using Google Consent Mode v2
2324
# [params.modules.GoogleAnalytics]
24-
# integration = "critical" # set to critical when using Google Consent Mode v2
25+
# integration = "critical"
2526
# state = "immediate"
2627
# category = "necessary"
2728
# gcm = true
29+
# nonce = true # to use nonce-aware Tag Manager
2830

2931
[params.modules.GoogleAnalytics.csp]
3032
script-src = [
3133
"*.google-analytics.com",
32-
"*.googletagmanager.com"
34+
"*.googletagmanager.com",
35+
"*.analytics.google.com",
36+
"googletagmanager.com",
37+
"tagmanager.google.com"
3338
]
3439
connect-src = [
3540
"*.analytics.google.com",
@@ -42,5 +47,17 @@
4247
]
4348
img-src = [
4449
"*.google-analytics.com",
45-
"*.googletagmanager.com"
50+
"*.googletagmanager.com",
51+
"googletagmanager.com",
52+
"ssl.gstatic.com",
53+
"www.gstatic.com"
54+
]
55+
style-src = [
56+
"googletagmanager.com",
57+
"tagmanager.google.com",
58+
"fonts.googleapis.com"
59+
]
60+
font-src = [
61+
"fonts.gstatic.com",
62+
"data:"
4663
]

0 commit comments

Comments
 (0)