Skip to content

fix: allow Google Analytics in Content Security Policy#36

Merged
reverentgeek merged 1 commit intomainfrom
dn-csp-allow-google-analytics
Feb 6, 2026
Merged

fix: allow Google Analytics in Content Security Policy#36
reverentgeek merged 1 commit intomainfrom
dn-csp-allow-google-analytics

Conversation

@reverentgeek
Copy link
Collaborator

@reverentgeek reverentgeek commented Feb 6, 2026

Summary

  • The production CSP scriptSrc directive blocked the Google Tag Manager script (https://www.googletagmanager.com/gtag/js) from loading, preventing Google Analytics from functioning
  • Added https://www.googletagmanager.com to scriptSrc to allow the gtag.js script
  • Added Google Analytics domains (google-analytics.com, *.google-analytics.com, *.analytics.google.com) to connectSrc to allow analytics beacons

Test plan

  • Deploy to staging and verify no CSP violations in browser console for Google Analytics
  • Verify Google Analytics events are received in the GA4 dashboard
  • Verify OAuth login/consent/logout flows still work correctly (CSP changes don't affect redirects)

🤖 Generated with Claude Code

@reverentgeek @claude
fix: allow Google Analytics in Content Security Policy
5bfa9a2 
The CSP scriptSrc directive blocked the Google Tag Manager script from
loading in production, preventing Google Analytics from functioning.
Added googletagmanager.com to scriptSrc and Google Analytics domains
to connectSrc to allow gtag.js and analytics beacons.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@reverentgeek reverentgeek merged commit 1824618 into main Feb 6, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@reverentgeek