Comments (4)
jcassee
commented on May 29, 2024
Thanks for the notice, @SKisContent. What would be required specifically to work around this, can you give a bit more detail?
from django-analytical.
SKisContent
commented on May 29, 2024
One CSPs option is to add a nonce="xxx" attribute to the <script> tag.
<script type="text/javascript" nonce="random_string_of_alphanumericals">
The django-csp-nonce module does this. For analytical this option could be manipulated through the settings. However, for a dynamically generated nonce, this value needs to be updated during the HTML template rendering. Since AnalyticalNode is its own Node and injects the full <script></script> section into the rendered page HTML, it would need to do the value substitution on its own.
from django-analytical.
harrislapiroff
commented on May 29, 2024
Another solution would be to serve up a special view that served the normally inline code as a javascript file instead. (See, for instance, how Matomo/Piwik recommends serving a tracking.js file: https://matomo.org/faq/general/faq_20904/)
from django-analytical.
sevdog
commented on May 29, 2024
django-csp has a context processor to inject nonce into render context and also can add it to response headers.
If analytics nodes could add a placeholder in their script template to handle this template variable it could be easy to use.
from django-analytical.
Related Issues (20)
- Gitter Sidecar integration
- New release and follow-up tasks HOT 1
- Clickmap link in README links to spammy website HOT 2
- Support for Google Analytics 4 tags HOT 9
- Default value for SECURE_REFERRER_POLICY in Django 3.1 breaks Clicky HOT 2
- how to set enhanced eCommerce in google analytics HOT 2
- how to set identity_func HOT 3
- Ability to push custom commands to Matomo
- Respecting Consent ( Possible fix for #141 ) HOT 6
- Ability to pass FACEBOOK_PIXEL_ID directly in template tag HOT 1
- GA not tracking logged in users, GTAG user_id seems to require a different syntax now HOT 4
- support for python 3.10 HOT 1
- Rename default branch (master ➜ main) HOT 1
- Support for Posthog HOT 1
- Allow to set a custom location for google analytics js - support for proxy HOT 2
- Matomo ReDoS vulnerability (regex denial of service)
- Latest docs must build from `main` (not `master`) HOT 3
- basic mixpanel tracking HOT 4
- Setting google_analytics_gtag_identity does not work HOT 3
- Usage in Docker HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-analytical.