Toggle Nav
Search
Advanced Search
My Cart itemsitem

Handling Google Analytics CSP Errors in Magento: Temporary Fix via Custom Module

If you’ve encountered the Google Analytics CSP error on Magento, specifically related to https://region1.analytics.google.com, you’re not alone. The error typically looks like this in your browser’s console:

Refused to load the script 'https://region1.analytics.google.com/...' because it violates the following Content Security Policy directive: "script-src 'self'".

Google advises to update the hosts src here

EU data is collected in the EU
Google Analytics 4 collects all data from EU-based devices (based on IP-geo lookup) through domains and on servers based in the EU before forwarding traffic to Analytics servers for processing.

If you currently use a Content Security Policy (CSP), update your configurations (img-src and connection-src directives) to allow the following domains used by Analytics:

*.google-analytics.com
*.analytics.google.com

To address this issue, I’ve submitted a pull request to the Magento repository (PR #38991). However, while we wait for this PR to be reviewed and merged, there’s a way to temporarily fix the issue using a custom module.

Steps to Fix the CSP Error with a Custom Module

  1. csp_whitelist.xml

    In the etc directory, create a csp_whitelist.xml file to add the necessary CSP whitelisting:

<?xml version="1.0" encoding="UTF-8"?>  
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
  xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">  
 <policies> <policy id="script-src">  
 <values> <value id="google_analytics" type="host">*.google-analytics.com</value>  
 <value id="google_analytics_4" type="host">*.analytics.google.com</value>  
 </values> </policy> <policy id="connect-src">  
 <values> <value id="google_analytics" type="host">*.google-analytics.com</value>  
 <value id="google_analytics_4" type="host">*.analytics.google.com</value>  
 </values> </policy> <policy id="img-src">  
 <values> <value id="google_analytics" type="host">*.google-analytics.com</value>  
 <value id="google_analytics_4" type="host">*.analytics.google.com</value>  
 </values> </policy> </policies></csp_whitelist>
  1. Flush the cache

Conclusion

By following these steps, you can create a custom module that temporarily addresses the CSP issue with Google Analytics on Magento until the official fix is merged (hopefully). This approach ensures that your site remains secure while adhering to the necessary Content Security Policies.

For any updates or further changes, keep an eye on the progress of the pull request. If you have any questions or run into issues, feel free to reach out to!

  July 31, 2024 | View: 81 |   Categories: Magento |   By: Apedik

About the Author

Apedik

Backend engineer with more than 15 years of experience in e-commerce. I’ve been
working latest 8 years mainly with Magento V1 and V2, focusing on backend development, API and Unit Testing. Spent the latest 2 years on Microservices integration.
Good knowledge of docker and Kubernetes.

Disabling the "Compare Products" functionality in Magento 2 October 13, 2023
Wayland Compatibility with NVIDIA Drivers October 25, 2023
Setting Up Magento 2 with Varnish and SSL in Docker Containers October 5, 2023
Configure Postfix as mail forwarding on Ubuntu/Debian September 29, 2023
Nginx redirect vs rewrite October 4, 2023
Modify .desktop Files with a Bash Script July 31, 2024
Handling Google Analytics CSP Errors in Magento: Temporary Fix via Custom Module July 31, 2024
Customizing Magento 2 Checkout UI Components with Per Website or Store Configuration July 16, 2024
Step-by-Step Guide to Setting Up a Cart Price Rule in Magento July 16, 2024
Efficiently Retrieve Categories and Products Using Magento's Search Criteria API July 16, 2024

Categories

Monthly Archive

Topics

Compare Products
  1. Remove This Item
Compare
Clear All
You have no items to compare.