Google Adsense GDRP prompt doesn't show correctly

The issue

Background

If you're using Google Adsense, you'll most likely end up implement Google's own EU prompt (GDPR). Otherwise you'll need to either use a Google Certified CMP or stop serving ads to EU users

Google also offer CPRA (California, USA), LGPD (Brazil) and Ad blocking recovery (message if adblocker is detected)

Cause

Once we implemented the GDRP notice ourselves, we saw in the browsers DevTools that below URL's where flagged as "Refused to load the ..."

- https://fonts.googleapis.com [style-scr]
- https://lh3.googleusercontent.com [img-src]
- https://fonts.gstatic.com [font-src]

Solution

Add missing CSP rules

Open up the config where you have your CSP rules, it's normaly in either nginx.conf or conf.d/yoursite.conf, if you have a site specific config

Here you need to add the URL that was listed in DevTools with "Refused to load the ...", for us that were three URLS and they need to be added to the area they are needed in

[snippet]add_header Content-Security-Policy "default-src 'self'; style-src https://*.googleapis.com; img-src 'self' https://*.googleusercontent.com; font-src https://*.gstatic.com;[/snippet]

You probably have lots of rules in here already, so all we need to do is just add the missing URLs to the correct area

Reload nginx/apache

nginx in CentOS
[snippet]sudo systemctl reload nginx[/snippet]

Command can vary slight depending what operating system you're running. If in doubt, please reference your system

Loads correctly

Now the GDRP message should be displayed correctly

Should you still have issues, verify DevTools that you didn't miss anything and that nginx/apache was reloaded

Ad blocking recovery

- https://fundingchoicesmessages.google.com