Feature: Cross-domain Google Analytics

[rubenlg]

I added the GA tracking ID in the itch.io page of my web game, and I use the same tracking ID for the Javascript running the game itself. However, I'm getting duplicate user counts because the iframed game code and the itch.io page run on different domains, and analytics doesn't know they are the same user.

But more importantly, I can't do any analysis per traffic source, such as game engagement (measured on the game code), because from the perspective of the game code, there is only one traffic source: the itch.io wrapping page.

Fixing this requires a small snippet of code on the itch.io page, which is outside of my control.

The documentation from Google is here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cross-domain#iframes

Thanks!

[leafo]

I can add this, do yo have any requirements for when the post message is sent? If I wait for the load event from iframe then it could not be sent until many seconds after the page has been up in the iframe, but if I try to send it too early then your js may not be ready yet.

A few options are we have a requset/respond system where we don't send it until we receive a message from the frame, or I just send it every 100ms until the load event, and hope that you were listening during the window.

Regarding the message system, I do want to eventually have a standardized API for games to communicate with the parent page (to do things like show the donation dialog), so maybe this could be one of those features.

[rubenlg]

That's a very good question. I had the feeling that there would be a queue on window and you would always get the messages, but upon reading the spec, it became clear I was totally wrong. It's just a regular event, and if nobody is listening by the time it fires, it gets lost.

I guess the earliest that you can send it safely is on the DOMContentLoaded event of the iframe. At that point in time, all the synchronous scripts have been evaluated, so it's quite easy to have a tiny synchronous script that gets the message and puts it somewhere safe. Most people run their analytics snippet as a synchronous script anyway since that's the recommendation from GA.

The idea of having a standardized API sounds very promising. Especially if it includes monetization options, as it would support in-game purchases. I'm sure some people will try to abuse it to build gambling stuff, pay to win, and "pay to not wait 2 months for your castle to complete". However, it can also be used to experiment with innovative monetization models. It's very tricky, but I'm sure you can figure something out to stay true to the mission of itch.io.

[leafo]

DOMContentLoaded isn't available from parent of cross origin iframe afaik.

[rubenlg]

You are right, and the Access-Control-Allow-Origin header doesn't change that either.

Then I think your first proposal is probably the safest, i.e. the iframe posts a message to its parent announcing that it is ready for communication. The polling approach seems fragile, and if the iframe code is also fragile, you can end up with race conditions ranging from not receiving any message to reacting to multiple identical messages and causing a mess.

I would even propose a fallback to the load event. So listen both to the load event and a ready message from the iframe. Whichever comes first wins, and triggers a postMessage from parent to iframe with the GA client ID, and anything else that you might want to put in that communication channel. For my particular use case it's not needed, since I know I have to send that message, but it will make it easier to use by others not following this discussion.

Also, for the GA use case, security doesn't seem like a big deal, but if you start putting more sensitive stuff in that channel, I'd rather provide a JS library to game creators that avoids mistakes such as trusting any message without checking the origin.

[rubenlg]

Did you make any progress? I'm willing to beta-test if you have something in progress and are not sure whether it works well or not.

Thanks!