Javascript and Content Security Policy

  • Resolved sethbburgess

    (@sethbburgess)


    10 months, 3 weeks ago

    I have a website on AWS Lightsail Bitnami Apache WordPress. I am setting up a Content Security Policy. It appears that the Monsterinsights version of Google Analytics uses some “inline” javascripts. Inline scripts are not allowed in a Content Security Policy. I need to move these scripts to a javascript file and call them from that file instead of having them appear inline. I am not sure where and how to make this change.

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Michelle D.

    (@devmich)

    Hi @sethbburgess,

    Thanks for reaching out.

    We don’t currently have a way to customize the output of our frontend tracking, I’m sorry about that! This will need to be handled by a separate plugin that specializes in site optimization, and offers an option to move inline scripts to external JavaScript files.

    That being said, we typically recommend excluding MonsterInsights or Google Analytics from being modified or optimized, as affecting the tracking scripts in this way may prevent MonsterInsights from working as expected.

    Let me know if you have further questions.

    Thank you.

    Thread Starter sethbburgess

    (@sethbburgess)

    Thanks so much for your reply. My concern is not so much with combining script files. It is more about ensuring compatibility between google tag manager and my content security policy. I found this article: https://www.bounteous.com/insights/2017/07/20/using-google-analytics-and-google-tag-manager-content-security-policy . I am not sure if this approach will work with monsterinsights. I am working on it.

    Plugin Support Michelle D.

    (@devmich)

    Hi @sethbburgess,

    Thanks for the details. In that case, the best approach will be to allow the MonsterInsights inline scripts to run and not be blocked by CSP restrictions.

    I hope that helps, but let me know how I can continue to assist.

    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Javascript and Content Security Policy’ is closed to new replies.