Allow passing a nonce to google tag manager related script

[abdelrahmanAbouelkheir]

What

Adding nonce in script in google tag manager

Why

Prevent from using csp header inline script or adding url manually in csp headers by package users.

How

passing nonce to the script.

[ijjk]

Allow CI Workflow Run

• approve CI run for commit: 3298c0e

Note: this should only be enabled once the PR is ready to go and can only be enabled by a maintainer

[abdelrahmanAbouelkheir]

Sorry, I don't understand exactly, does anyone contributing to code is a maintainer? and how to enable it if I am considered as a maintainer

[Matthew-Wise]

Hi,

Hit this problem today and came to do the same PR. For any maintainer out there who wants some more context the suggestion from googles inline script adds the nonce attribute to the include allowing strict-dynamic to work with the csp

https://developers.google.com/tag-platform/security/guides/csp

Thanks
Matt

[ijjk]

@abdelrahmanAbouelkheir no need to merge canary, this blocks the tests from running

[ijjk]

Failing test suites

Commit: 3298c0e

pnpm test test/integration/amp-export-validation/test/index.test.js (turbopack)

• AMP Validation on Export > production mode > should have shown errors during build

Expand output

● AMP Validation on Export › production mode › should have shown errors during build

expect(received).toMatch(expected)

Expected pattern: /error.*The mandatory attribute 'height' is missing in tag 'amp-video'\./
Received string:  "   Loading config from /root/actions-runner/_work/next.js/next.js/test/integration/amp-export-validation/next.config.js
   Loading config from /root/actions-runner/_work/next.js/next.js/test/integration/amp-export-validation/next.config.js
   ▲ Next.js 15.0.4-canary.36 (Turbopack)·
   Checking validity of types ...
   Creating an optimized production build ...
   Loading config from /root/actions-runner/_work/next.js/next.js/test/integration/amp-export-validation/next.config.js
   Building (0/7) ...
   Building (1/7)··
   Building (3/7)··
   Building (5/7)··
 ✓ Building (7/7)
 ✓ Compiled successfully in 2.8s
   Collecting page data ...
   Generating static pages (0/8) ...
   Generating static pages (2/8)··
 ⚠ Linting is disabled.
Error occurred prerendering page \"/first\". Read more: https://nextjs.org/docs/messages/prerender-error
AssertionError: Assertion failed: WebAssembly is uninitialized

  at new module$contents$goog$asserts_AssertionError (../evalmachine.<anonymous>:102:1441)
  at module$contents$goog$asserts_doAssertFailure (../evalmachine.<anonymous>:103:354)
  at goog.asserts.assertExists (../evalmachine.<anonymous>:104:374)
  at Object.module$contents$amp$validator_validateString [as validateString] (../evalmachine.<anonymous>:2238:108)
  at Validator.validateString (../packages/next/dist/compiled/amphtml-validator/index.js:1:20650)
  at validateAmp (../packages/next/dist/export/routes/pages.js:100:34)
  at async exportPagesPage (../packages/next/dist/export/routes/pages.js:117:13)
  at async Span.traceAsyncFn (../packages/next/dist/trace/trace.js:153:20)
  at async exportPage (../packages/next/dist/export/worker.js:334:18)
  Export encountered an error on /first, exiting the build.
   ⨯ Static worker exited with code: 1 and signal: null
  "
  at Object.toMatch (integration/amp-export-validation/test/index.test.js:28:29)

Read more about building and testing Next.js in contributing.md.