
Fix Google Tag Manager nonce value missing

Tyler Williams requested to merge fix-google-tag-manager-nonce-value into master

What does this MR do and why?

In gitlab-com/gl-infra/production#6028 (closed), we set the Google Tag Manager ID in production. But we missed a step in setting up the CSP nonce, so Google Tag Manager still isn't executing appropriately.

This MR adds the content_security_policy_nonce value to the GTM snippet in its HAML file, which should allow it to execute correctly.

How to set up and validate locally

  1. Create a Google Tag Manager account and container ID. You should just need to follow step 1 of the instructions. The GTM container can be empty - it just needs to exist.
  2. In gitlab.yml, add your GTM ID in the extra block for both the google_tag_manager_id and google_tag_manager_nonce_id values. Make sure to restart GDK (or do this step prior to starting GDK) for settings to take effect.
    extra:
     google_tag_manager_id: 'GTM-YOURIDHERE'
     google_tag_manager_nonce_id: 'GTM-YOURIDHERE'
  3. In the Rails console, enable the :gtm_nonce feature flag:
    Feature.enable(:gtm_nonce)
  4. Visit the sign up page, http://127.0.0.1:3000/users/sign_up
  5. Using your GTM ID, in the JavaScript console, run:
    document.querySelector('[src="https://www.googletagmanager.com/gtm.js?id=GTM-YOURVALUEHERE"]').nonce === document.querySelector('[name="csp-nonce"]').content

The output should be true.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Tyler Williams
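
An added example, not part of the merge request or GitLab's code: the check from step 5 extended to every script on the page, so a snippet that was rendered without the CSP nonce shows up by name. The function names `auditScriptNonces` and `auditDocument` and the sample values are assumptions made for illustration.

```javascript
// Script types the browser executes; data blocks such as application/json
// are never run and need no nonce.
const EXECUTABLE_TYPES = new Set(['', 'module', 'text/javascript', 'application/javascript']);

// Pure core: compare each script's nonce with the nonce the page advertises.
// `scripts` is an array of { src, nonce, type }.
function auditScriptNonces(scripts, expectedNonce) {
  if (!expectedNonce) {
    return [{ src: null, problem: 'no csp-nonce value on page' }];
  }
  const findings = [];
  for (const s of scripts) {
    if (!EXECUTABLE_TYPES.has((s.type || '').toLowerCase())) continue;
    const label = s.src || '(inline script)';
    if (!s.nonce) {
      findings.push({ src: label, problem: 'missing nonce' });
    } else if (s.nonce !== expectedNonce) {
      findings.push({ src: label, problem: 'nonce mismatch' });
    }
  }
  return findings;
}

// Browser wrapper. It reads the .nonce property, as step 5 does, because
// browsers blank the nonce *attribute* once the element is in the document.
function auditDocument(doc) {
  const meta = doc.querySelector('[name="csp-nonce"]');
  const scripts = Array.from(doc.querySelectorAll('script'), (el) => ({
    src: el.src,
    nonce: el.nonce,
    type: el.type,
  }));
  return auditScriptNonces(scripts, meta ? meta.content : '');
}

// Constructed sample data (not captured from a real page).
const SAMPLE_NONCE = 'c2FtcGxlLW5vbmNl';
const sampleScripts = [
  { src: 'https://www.googletagmanager.com/gtm.js?id=GTM-YOURIDHERE', nonce: SAMPLE_NONCE, type: '' },
  { src: '', nonce: '', type: '' },                 // inline snippet rendered without a nonce
  { src: '', nonce: '', type: 'application/json' }, // data block, skipped
];

console.log(auditScriptNonces(sampleScripts, SAMPLE_NONCE));
// In the browser console on the sign-up page: console.table(auditDocument(document))
```

An empty result means every executable script on the page carries the same nonce as the `csp-nonce` meta tag.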
