Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nonce support next third parties #65453

Open
wants to merge 3 commits into
base: canary
Choose a base branch
from
Open

Nonce support next third parties #65453

wants to merge 3 commits into from

Conversation

naveen-bharathi
Copy link

Adding a feature

  • Implements a nonce prop in the GoogleAnalytics and GoogleTagManager components exported from @next/third-parties package

What?

  • Implements a nonce prop in the GoogleAnalytics and GoogleTagManager components

Why?

Enabling Content-Security-Policy using nonces requires the nonce to be passed to the Script element. Ref: https://nextjs.org/docs/app/building-your-application/configuring/content-security-policy#reading-the-nonce

Since the GoogleTagManager and GoogleAnalytics components exported from @next/third-parties package do not have a nonce part, using these Components with Content-Security-Policy using nonces becomes impossible as the script inside these components won't be loaded.

How?

Adds a nonce prop to the GoogleAnalytics and GoogleTagManager components which passes it to the Script tag inside them

Fixes #65452

@ijjk
Copy link
Member

ijjk commented May 7, 2024

Allow CI Workflow Run

  • approve CI run for commit: 1dfcf3e

Note: this should only be enabled once the PR is ready to go and can only be enabled by a maintainer

1 similar comment
@ijjk
Copy link
Member

ijjk commented May 7, 2024

Allow CI Workflow Run

  • approve CI run for commit: 1dfcf3e

Note: this should only be enabled once the PR is ready to go and can only be enabled by a maintainer

@ijjk
Copy link
Member

ijjk commented May 7, 2024
edited

Allow CI Workflow Run

  • approve CI run for commit: edec963

Note: this should only be enabled once the PR is ready to go and can only be enabled by a maintainer

ijjk
ijjk requested changes May 8, 2024
View reviewed changes
Copy link
Member

@ijjk ijjk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi this looks like a duplicate of #61820

@naveen-bharathi
Copy link
Author

Hi this looks like a duplicate of #61820

#61820 looks sufficient. Is there a specific reason it is still not merged? Is there something I could help with?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ijjk ijjk ijjk requested changes

@timneutkens timneutkens Awaiting requested review from timneutkens timneutkens is a code owner

@shuding shuding Awaiting requested review from shuding shuding is a code owner

@huozhi huozhi Awaiting requested review from huozhi huozhi is a code owner

@feedthejim feedthejim Awaiting requested review from feedthejim feedthejim is a code owner

@ztanner ztanner Awaiting requested review from ztanner ztanner is a code owner

@wyattjoh wyattjoh Awaiting requested review from wyattjoh wyattjoh is a code owner

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@naveen-bharathi @ijjk