/tagmanager/community?hl=en
This content is likely not relevant anymore. Try searching or browse recent questions.
-
CORS Policy issue 0 Recommended Answers 10 Replies 88 Upvotes
1 Recommended Answer
$0 Recommended Answers
We are trying to add the integrity attribute to our https://www.googletagmanager.com/gtag/js?id=UA-XXXXXXX script. We have set the crossorigin attribute to anonymous.

When our page loads we get the error:
 Access to script at 'https://www.googletagmanager.com/gtag/js?id=UA-XXXXXXXX-X' from origin 'https://mydomian.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://www.googletagmanager.com' that is not equal to the supplied origin.

It seems like the CORS policy for tag manager is not allowing for HTTPS connections. If I use straight HTTP I do not get the CORS error, I get an insure error instead.


Can you please update your CORS policy?

Many thanks
All Replies (10)
19 upvotes and still no response?
marked this as an answer
50 and counting
marked this as an answer
This issue is imperative!
CORS headers for Javascript files are necessary for a site owner to recognise source of runtime errors in the browser. Without it all you get is the cryptic `Script error.` with no stack so we can't event know which script throws the error.
marked this as an answer
Can we please get a reply? - 62 upvotes now
marked this as an answer
Amazing that they advocate for https everywhere and yet can't get their own implementation right

I'm trying to implement the require-sri-for directive on my site and cannot use it thanks to this
marked this as an answer
Come on Google. Be a good citizen and help us out here.
marked this as an answer
I'm seeing this issue on one domain ... but not on an identically-configured domain.

The inserted JS code is identical. The response headers sent by the server that hosts both domains are identical. But one domain throws a CORS error, and the other doesn't.

Incidentally, the CORS error for the problem domain occurs across the domain and a subdomain, i.e. http://example.com/ and http://dev.example.com/
marked this as an answer
Hi all, 

We (Googel Tag Manager) are looking into this issue now. Could you provide more context on which script is trying to access the gtag.js response?

Best,
Rick
marked this as an answer
Hi all,

I think the fix for this issue should be rolling out slowly next week. I plan to gradually ramp it up in case it carries unforeseen consequences. This means that some of requests will see the new CORS headers and some will see old CORS headers based on monotonically increasing random probability. By end of next week, it should be stable and I will let you know.

Best,
Rick
marked this as an answer
This is now rolled out globally at 1% and will increase to 100% by thursday.
marked this as an answer
This question is locked and replying has been disabled.
Discard post? You will lose what you have written so far.
Write a reply
10 characters required
Failed to attach file, click here to try again.
Discard post?
You will lose what you have written so far.
Personal information found

We found the following personal information in your message:

This information will be visible to anyone who visits or subscribes to notifications for this post. Are you sure you want to continue?

A problem occurred. Please try again.
Create Reply
Edit Reply
Delete post?
This will remove the reply from the Answers section.
Notifications are off
Your notifications are currently off and you won't receive subscription updates. To turn them on, go to Notifications preferences on your Profile page.
Report abuse
Google takes abuse of its services very seriously. We're committed to dealing with such abuse according to the laws in your country of residence. When you submit a report, we'll investigate it and take the appropriate action. We'll get back to you only if we require additional details or have more information to share.

Go to the Legal Help page to request content changes for legal reasons.

Reported post for abuse
Unable to send report.
Report post
What type of post are you reporting?
Google takes abuse of its services very seriously. We're committed to dealing with such abuse according to the laws in your country of residence. When you submit a report, we'll investigate it and take the appropriate action. We'll get back to you only if we require additional details or have more information to share.

Go to the Legal Help page to request content changes for legal reasons.

Reported post for abuse
Unable to send report.
This reply is no longer available.
/tagmanager/threads
//accounts.google.com/ServiceLogin
You'll receive email notifications for new posts at
Unable to delete question.
Unable to update vote.
Unable to update subscription.
You have been unsubscribed
Deleted
Unable to delete reply.
Removed from Answers
Marked as Recommended Answer
Removed recommendation
Undo
Unable to update reply.
Unable to update vote.
Thank you. Your response was recorded.
Unable to undo vote.
Thank you. This reply will now display in the answers section.
Link copied
Locked
Unlocked
Unable to lock
Unable to unlock
Pinned
Unpinned
Unable to pin
Unable to unpin
Marked
Unmarked
Unable to mark
Reported as off topic
/tagmanager/profile/0?hl=en