Google Adsense GDRP prompt doesn't show correctly
The issue
Background
To meet with new GDPR requirements, EU (EEA anf UK) resident's needs to consent to seeing advertisements starting early 2024 or ads will not be displayed in those regionsIf you're using Google Adsense, you'll most likely end up implement Google's own EU prompt (GDPR). Otherwise you'll need to either use a Google Certified CMP or stop serving ads to EU users
Google also offer CPRA (California, USA), LGPD (Brazil) and Ad blocking recovery (message if adblocker is detected)
Cause
If you're using CSP (Content Security Policy) and especially if you set it up to be strict, there's a big chance not all URL have been added to the allow listOnce we implemented the GDRP notice ourselves, we saw in the browsers DevTools that below URL's where flagged as "Refused to load the ..."
- https://fonts.googleapis.com [style-scr] - https://lh3.googleusercontent.com [img-src] - https://fonts.gstatic.com [font-src]
Solution
Add missing CSP rules
In nginx (our example will be based on) or apache, you'll need to add these additional URL's to the except listOpen up the config where you have your CSP rules, it's normaly in either nginx.conf or conf.d/yoursite.conf, if you have a site specific config
Here you need to add the URL that was listed in DevTools with "Refused to load the ...", for us that were three URLS and they need to be added to the area they are needed in
You probably have lots of rules in here already, so all we need to do is just add the missing URLs to the correct area
Reload nginx/apache
After you have adjusted the config, it's important that you reload nginx/apache for the changes to take affectnginx in CentOS
Command can vary slight depending what operating system you're running. If in doubt, please reference your system
Loads correctly
Now the GDRP message should be displayed correctly
Should you still have issues, verify DevTools that you didn't miss anything and that nginx/apache was reloaded
Ad blocking recovery
Once you're add the GDPR message, you might be tempted to also add Ad blocking recovery. We did and found out this also add an additional URL we need to exempt in CSP- https://fundingchoicesmessages.google.com