我正在尝试在我的网站上实施内容安全策略。但是当我实现 script-src 时,它给了我这个错误。
Refused to load the script 'https://www.googletagmanager.com/gtm.js?id=GTM-XXXXX' because it violates the following
我的内容安全策略是
Content-Security-Policy: script-src 'self' 'unsafe-eval' https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js https://www.google-analytics.com 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com/gtm.js/ https://tagmanager.google.com/http://www.googleadservices.com/pagead/conversion_async.js https://*.google.com;
删除
https://*.googletagmanager.com/gtm.js/https://*.googletagmanager.com在
https://tagmanager.google.com/http://www.googleadservices.com/pagead/conversion_async.jshttps://tagmanager.google.com/http://www.googleadservices.com/pagead/conversion_async.js注 1:主机源
http://www.googleadservices.com/pagead/conversion_async.jshttps://*.google.com注 2:
script-src 'unsafe-inline''unsafe-inline'script-src可以添加
script-src *.googletagmanager.com;
您的内容政策对 GTAG 进行了例外处理。