search

digital-analytics-program / gov-wide-code

Provides a set of javascript files and documentation to implement web analytics on US federal websites
http://www.digital.gov/dap
102 stars 54 forks source link

Requires HTTPS for all hits to GA and YouTube #26

Closed konklone closed 7 years ago

konklone commented 9 years ago

I'm making this PR here not because I expect it to be merged directly (I understand the version number will change, and the file will need to be re-minified), but because I want to show how simple the changes I am asking for are.

This rewrites the initial hit to Google Analytics and the initial hit to YouTube (if opted in with yt=true) to always use HTTPS, even on an insecure site.

As described in #11, the forceSSL flag doesn't solve this issue -- that flag covers the data reporting ping to Google, and this change affects the initial download of reporting code from Google Analytics.

If incorporated into the DAP, these changes will fix #11 and #13.

tdlowden commented 7 years ago

@konklone this was incorporated into v 3.1 correct?

konklone commented 7 years ago

Yes, it was.