1.0.2 • Published 6 years ago

csp-report-to-google-analytics v1.0.2

Weekly downloads
31
License
MIT
Repository
github
Last release
6 years ago

csp-report-to-google-analytics

Content-Security-Policy(CSP) report to Google Analytics.

Usage

This library should be used with analytics.js. This library does not work with gtag.js. Please see gtag.js API? · Issue #202 · googleanalytics/autotrack.

You can load this library from unpkg CDN.

<!-- Google Analytics -->
<script>
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-XXXXX-Y', 'auto');
ga('send', 'pageview');
// require csp-report-to-google-analytics plugin
ga('require', 'csp-report');
</script>
<script async src='https://www.google-analytics.com/analytics.js'></script>
<!-- End Google Analytics -->
<!-- Load csp-report-to-google-analytics plugin -->
<script async src='https://unpkg.com/csp-report-to-google-analytics/dist/csp-report-to-google-analytics.min.js'></script>

You have already introduced analytics.js, then add these to existing analytic setting.

  • ga('require', 'csp-report');
  • <script async src='https://unpkg.com/csp-report-to-google-analytics/dist/csp-report-to-google-analytics.min.js'></script>

CSP

You need to enable CSP on your site.

The Content-Security-Policy-Report-Only HTTP Header is useful to found mixed contents on your site.

Content-Security-Policy-Report-Only: default-src https:;

Also, <meta> tag can enable Content-Security-Policy, but <meta> tag does not support Content-Security-Policy-Report-Only` header.

<!-- Work -->
<meta http-equiv="Content-Security-Policy" content="default-src https:">
<!-- Not Work -->
<meta http-equiv="Content-Security-Policy-Report-Only" content="default-src https:">

For more information about CSP, see Content Security Policy CSP Reference & Examples.

Options

  • debug: boolean
    • Default: false
ga('require', 'csp-report', {
    debug: true
});

Default field values

FieldValue
hitType'pageview'
eventCategory'CSP Report'
eventActionSecurityPolicyViolationEvent.violatedDirective
eventLabelSecurityPolicyViolationEvent.blockedURI
nonInteractiontrue

Changelog

See Releases page.

Running tests

Install devDependencies and Run npm test:

npm i -d && npm test

Contributing

Pull requests and stars are always welcome.

For bugs and feature requests, please create an issue.

  1. Fork it!
  2. Create your feature branch: git checkout -b my-new-feature
  3. Commit your changes: git commit -am 'Add some feature'
  4. Push to the branch: git push origin my-new-feature
  5. Submit a pull request :D

Author

License

MIT © azu

CSPHTTPSViolationanalyticsgooglegoogleanalytics
@everything-registry/sub-chunk-1419@zalastax/nolb-csp
1.0.2

6 years ago

1.0.1

6 years ago