search

jitsucom / jitsu

Jitsu is an open-source Segment alternative. Fully-scriptable data ingestion engine for modern data teams. Set-up a real-time data pipeline in minutes, not days
https://jitsu.com
MIT License
4.13k stars 296 forks source link

Authorized JavaScript Domains Ignored in Stream Settings #1117

Closed alexeybokov closed 3 months ago

alexeybokov commented 3 months ago

The Authorized JavaScript Domains setting in the stream configuration is not working as expected. Events from unauthorized domains are still being tracked, even though they are not listed in the Authorized JavaScript Domains field.

Steps to Reproduce:

1.  Create a stream.
2.  Create a destination.
3.  Create a connection between the stream and the destination.
4.  Add 'mysite.com' to the Authorized JavaScript Domains field.
5.  Add the stream snippet to the <head> section of test.com.
6.  Observe that events from test.com are still being tracked, despite it not being listed in the Authorized JavaScript Domains.

Expected Behavior: Events should only be tracked from domains listed in the Authorized JavaScript Domains field. Events from test.com should not be tracked in this scenario.

Actual Behavior: Events from test.com are being tracked, indicating that the Authorized JavaScript Domains setup is being ignored.

System configuration and versions

Artifacts (logs, etc)

vklimontovich commented 3 months ago

We are discontinued this feature, we just forgot to remove it from the UI.

If you want to filter incoming requests based on Origin header, you should do that with Jitsu Functions. See headers field of FunctionContext