Mixpanel with Cordova attempts to load mixpanel-2-latest.min.js from filesystem

mixpanel / mixpanel-js

Official Mixpanel JavaScript Client Library

https://mixpanel.com/help/reference/javascript

Other

889 stars 312 forks source link

Mixpanel with Cordova attempts to load mixpanel-2-latest.min.js from filesystem #48

Open tlhunter opened 9 years ago

tlhunter commented 9 years ago

If one includes mixpanel.js in their Cordova application, messages won't get logged. The problem comes with the script tag that is generated and inserted into the DOM:

//cdn.mxpnl.com/libs/mixpanel-2-latest.min.js

By default it matches the same protocol the document is loaded under, which in Cordova on Android, is file://. The filesystem lookup for file://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js of course ends up failing.

One possible solution would be to always use https://. If there's a clean way to merge the mixpanel.js and mixpanel-2-latest.min.js files into one (or even do it as a build step and provide the file in the mixpanel-js repo) and ship that, it would be preferred.

tdumitrescu commented 9 years ago

Thanks for writing in. I think you should already have everything you need here:

the latest minified file does get shipped with the repo: https://github.com/mixpanel/mixpanel-js/blob/master/mixpanel.min.js. mixpanel.js is the unminified version, so it can't be merged into the same file.
the protocol behavior has changed recently to handle the file: case: https://github.com/mixpanel/mixpanel-js/blob/b944e9d193e4fe07417d02fb2fc2f1920a30189a/mixpanel-jslib-snippet.js#L74-L75. are you using the latest version of the snippet? should match https://github.com/mixpanel/mixpanel-js/blob/master/mixpanel-jslib-snippet.min.js

If you need more info on loading the lib from 'non-standard' locations, take a look at the Bower section in https://github.com/mixpanel/mixpanel-js/blob/master/README.md which details some variables we offer for overriding default lib locations.

Also happy to help dig into your specific case via email at support@mixpanel.com.

Does this help?

tlhunter commented 9 years ago

Aah, my bad, I was actually referring to the little bootloader snippet when I said mixpanel.js. The latest version you've linked to doesn't appear to have that issue (I can see the file: check).

I'll check out the Bower section, looks like that'll answer the second part.

Related question: If I ship a snapshot of the Mixpanel JS, will it be future proof, or will it eventually become incompatible with the Mixpanel API?

franciscolourenco commented 9 years ago

This is also broken with chrome:// on chrome extension pages. Why not fetch the library always using https? That way you wouldn't need to handle all these special cases. Wouldn't that be more secure as well? Is there anything to be gained by sometimes fetching the lib using http?

Thanks!

jfbloom22 commented 6 years ago

I believe this issue can be closed. I should mention that the readme now has a section titled: Using Bower to load the entire library which explains how to load Mixpanel without the CDN. This will allow it to pass the CSP for Chrome:extensions.
Side note: the instructions are slightly wrong. mixpanel.js does not exist. It should be mixpanel.min.js.