From 925f63c8e1c2d899936ba4de739321a3696fad7b Mon Sep 17 00:00:00 2001
From: James Cole <thegrumpydictator@gmail.com>
Date: Thu, 9 Jan 2020 20:43:32 +0100
Subject: [PATCH] Experimental switch of parameters and different urls

---
 app/Http/Middleware/SecureHeaders.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/Http/Middleware/SecureHeaders.php b/app/Http/Middleware/SecureHeaders.php
index fe2767717b..97c847b963 100644
--- a/app/Http/Middleware/SecureHeaders.php
+++ b/app/Http/Middleware/SecureHeaders.php
@@ -53,13 +53,13 @@ class SecureHeaders
         $analyticsId = config('firefly.analytics_id');
 
         if ('' !== $analyticsId) {
-            $google    = 'www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js'; // @codeCoverageIgnore
+            $google    = 'https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js'; // @codeCoverageIgnore
             $googleImg = 'https://www.google-analytics.com/';
         }
         $csp = [
             "default-src 'none'",
             "object-src 'self'",
-            sprintf("script-src 'nonce-%s' 'unsafe-inline' %s", $nonce, $google),
+            sprintf("script-src 'unsafe-inline' %s 'nonce-%s'", $nonce, $google),
             "style-src 'self' 'unsafe-inline'",
             "base-uri 'self'",
             "font-src 'self' data:",