Closed
Bug 1419636
Opened 8 years ago
Closed 7 years ago
Make Google Analytics use beacon/XHR instead of img tag
Categories
(bugzilla.mozilla.org :: Extensions, enhancement, P5)
Tracking
()
RESOLVED
FIXED
People
(Reporter: dylan, Assigned: kohei)
References
Details
(Keywords: good-first-bug)
Attachments
(1 file)
For reasons related to protecting against XSS, using an XHR is recommended over an image tag (because img-src should never list remote sites we do not control)
|
Reporter | |
Updated•8 years ago
|
Keywords: good-first-bug
Priority: -- → P1
|
Assignee | |
Updated•8 years ago
|
Component: General → Extensions: Other
|
|
Reporter | |
Updated•7 years ago
|
Priority: P1 → P5
|
|
Assignee | |
Comment 1•7 years ago
|
||
Looks like GA comes with an option to use `navigator.sendBeacon` or XHR by default. Given that BMO no longer supports IE, we don’t have to think about image fallbacks, allowing to remove the `img-src` directive. We still need `connect-src` for beacon or XHR though.
https://developers.google.com/analytics/devguides/collection/analyticsjs/field-reference#transport
https://developer.mozilla.org/en-US/docs/Web/API/Navigator/sendBeacon
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src
Assignee: nobody → kohei.yoshino
Status: NEW → ASSIGNED
Summary: Make Google Analytics use XHR instead of img tag → Make Google Analytics use beacon/XHR instead of img tag
|
|
Assignee | |
Comment 2•7 years ago
|
||
|
|
Assignee | |
Comment 3•7 years ago
|
||
PR merged to master.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
|
||
Updated•6 years ago
|
Component: Extensions: Other → Extensions
You need to log in
before you can comment on or make changes to this bug.
Description
•