Closed joeyrlee closed 7 months ago
How about making the url path/endpoint configurable? E.g. {api_host: 'foo.com', api_endpoint_track: 'bar'}
. This is simpler to implement and compatible with the real Mixpanel API
Thanks for the quick reply @tdumitrescu. I believe something like that would work - we would then just create two flip-flopped objects for obfuscating in the browser and de-obfuscating on the server (eg const obfuscatedRoutes = {track: 'foo', engage: 'bar', ...rest}; const deObfuscatedRoutes = {foo: 'track', bar: 'engage', ...rest};
)
Configurable API endpoints are now supported as of https://github.com/mixpanel/mixpanel-js/releases/tag/v2.48.0
Request
As a mixpanel user whom is using the
api_host
config option to proxy requests through a same-site server to circumvent ad blockers, I'd like to also be able to opt in to moving the api names currently appended to request urls by the sdk into the request body instead. E.g. /my-proxy-url/track becomes simply /my-proxy-urlSuggested config option:
move_api_identifier_to_request_body: boolean
Why
Inasmuch as a url with a trailing "/track" is an easy target for ad blockers (as also raised in #306), it seems simple to capture the event identifier in the request payload instead - furthermore, it would be backwards compatible if disabling the setting by default. Otherwise, to achieve a similar workaround, a dev would need to monkey patch the XHR global to accomplish this which is undesirable.