From 1a3d48ad46c44d83e884aff6041c17ae43e0ae7b Mon Sep 17 00:00:00 2001
From: Andrew Rosiclair <arosiclair@expensify.com>
Date: Fri, 3 Jan 2025 11:56:20 -0500
Subject: [PATCH 1/3] add nonce to thirdPartyScripts

---
 web/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/index.html b/web/index.html
index aaf8bdb621dd..62e3a73f0e47 100644
--- a/web/index.html
+++ b/web/index.html
@@ -132,7 +132,7 @@
     <link rel="shortcut icon" id="favicon" href="/favicon.png">
     <% if (htmlWebpackPlugin.options.useThirdPartyScripts) { %>
         <!-- Third party scripts -->
-        <script type="text/javascript" async="" src="/thirdPartyScripts.js"></script>
+        <script type="text/javascript" async="" src="/thirdPartyScripts.js" nonce="nonce-random-value"></script>
         <!-- End Third party scripts -->
     <% } %>
     <link rel="manifest" href="/manifest.json" />

From 441499a43a023ef3819eb9c812b6b72af523d9f1 Mon Sep 17 00:00:00 2001
From: Andrew Rosiclair <arosiclair@expensify.com>
Date: Fri, 3 Jan 2025 11:56:32 -0500
Subject: [PATCH 2/3] use nonce-aware version of GTM script

---
 web/thirdPartyScripts.js | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/web/thirdPartyScripts.js b/web/thirdPartyScripts.js
index c45defd89e69..1976fae6cf5d 100644
--- a/web/thirdPartyScripts.js
+++ b/web/thirdPartyScripts.js
@@ -1,15 +1,11 @@
 /* eslint-disable */
 // Google Tag Manager
-(function (w, d, s, l, i) {
-    w[l] = w[l] || [];
-    w[l].push({'gtm.start': new Date().getTime(), event: 'gtm.js'});
-    const f = d.getElementsByTagName(s)[0];
-    const j = d.createElement(s);
-    const dl = l !== 'dataLayer' ? '&l=' + l : '';
-    j.async = true;
-    j.src = 'https://www.googletagmanager.com/gtm.js?id=' + i + dl;
-    f.parentNode.insertBefore(j, f);
-})(window, document, 'script', 'dataLayer', 'GTM-N4M3FLJZ');
+(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
+new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
+j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
+'https://www.googletagmanager.com/gtm.js?id='+i+dl;var n=d.querySelector('[nonce]');
+n&&j.setAttribute('nonce',n.nonce||n.getAttribute('nonce'));f.parentNode.insertBefore(j,f);
+})(window,document,'script','dataLayer','GTM-N4M3FLJZ');
 
 // FullStory
 window['_fs_host'] = 'fullstory.com';

From 04b4d38cf4205ef85b12dbb307b95f012b46215a Mon Sep 17 00:00:00 2001
From: Andrew Rosiclair <arosiclair@expensify.com>
Date: Fri, 3 Jan 2025 13:57:13 -0500
Subject: [PATCH 3/3] ignore prettier

---
 web/thirdPartyScripts.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/web/thirdPartyScripts.js b/web/thirdPartyScripts.js
index 1976fae6cf5d..434181bd9c33 100644
--- a/web/thirdPartyScripts.js
+++ b/web/thirdPartyScripts.js
@@ -1,4 +1,6 @@
 /* eslint-disable */
+/* prettier-ignore */
+
 // Google Tag Manager
 (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
 new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],