Google Analytics and Subresource Integrity

About

Asked 8/7, 2019 at 6:12 Answered 8/7, 2019 at 6:12

security google-analytics content-security-policy subresource-integrity

I have Subresource Integrity (SRI) enabled in the Content Security Policy (CSP) headers.

How can I integrate google analytics? Using a hash for their script will probably break within a few days when google updates their analytics-javascript.

Any suggestions?

Cleistogamy answered 8/7, 2019 at 6:12 Comment(3)

I'm wondering the same thing. This affects anyone using payment processors like Google Pay or Braintree as well. Pretty serious for PCI compliance. – Classic 24/10, 2019 at 5:56

Unfortunately there doesn't appear to be any word from Google on this. Since their libraries and services are so popular and their own Chrome browser is now stepping up support for these security measures it's a shame they are not more on top of getting a way to make SRI work for their CSS and JavaScript components. – Elwaine 30/3, 2020 at 21:13

They added CORS support for GTM in 2020 according to this thread, so perhaps they've done the same now for GA. – Foredoom 10/3, 2021 at 19:7

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags