Max Böckmxbck
Jul 8, 2024, 7:49 PMpolyfill.io was crazy huh, we just let a third party run any JS without even checking integrity. lol
anyway please add this snippet for google tag manager, marketing needs it
Replies
Fredericfrederic@chaos.socialJul 8, 2024, 8:18 PM@mxbck It's super hard to implement a good Content-Security-Policy when people use GTM.
- Max BöckmxbckJul 8, 2024, 8:24 PM
@frederic been down that road too. Frustrating to say the least 😅
Patrick Hellerhellpat@mastodon.socialJul 9, 2024, 8:35 PMI wanted to build a service for that in 2018, but never did. But others did now.
https://csper.io/
https://developers.cloudflare.com/page-shield/policies/I thought of a painful progress like:
- Hey, you added stuff via GTM and it will not work
- We blocked all that. Which are your requests and why do you need it -> documentation done
- Do the developers & management approve the adding of the new item?If you force me to use jira, I will force you to request tracking stuff via a 10 step process.
- GavGGavv@phpc.socialJul 10, 2024, 8:55 AM
Dave 🧱 :cursor_pointer:DavidDarnes@mastodon.designJul 8, 2024, 8:47 PM@mxbck 🌶️
Richard SpenceleySpence1115@mastodonapp.ukJul 8, 2024, 9:21 PM@mxbck I can do you one worse. Marketing have access to GTM and can add whatever they want...
Careycarey@mastodon.nzJul 8, 2024, 10:00 PM@Spence1115 @mxbck ... and everything they add shows up as a red thread-blocking bar in the browser's performance tools.
- Richard SpenceleySpence1115@mastodonapp.ukJul 8, 2024, 11:02 PM
Max Fenton (defunct)maxfenton@mastodon.cloudJul 8, 2024, 9:37 PM
Claudio Zizza 🦜SenseException@phpc.socialJul 9, 2024, 7:33 AM@mxbck wget http://some-website/install | sh
Emilis 🇺🇦emilis@fosstodon.orgJul 9, 2024, 8:53 AM@mxbck Google Tag Manager should be blocked at the ISP level. Convince me otherwise.
mirabilos🐈⬛mirabilos@toot.mirbsd.orgJul 9, 2024, 9:47 AM