search

readium / readium-js-viewer

👁 ReadiumJS viewer: default web app for Readium.js library
BSD 3-Clause "New" or "Revised" License
558 stars 186 forks source link

Chrome extension Google Analytics error (CSP Content Security Policy) #340

Open danielweck opened 9 years ago

danielweck commented 9 years ago 
Refused to load the script 'https://ssl.google-analytics.com/ga.js'
because it violates the following Content Security Policy directive:
"default-src 'self' chrome-extension-resource:".
Note that 'script-src' was not explicitly set,
so 'default-src' is used as a fallback.
danielweck commented 9 years ago

To open the Web Inspector (debugger + Javascript console, etc.) in Chrome, go to the "extensions" page (chrome://extensions/), and click on the Inspect views: index.html link located alongside the Readium icon.

danielweck commented 9 years ago

UPDATE: scrap this comment, see the next one below.

https://developer.chrome.com/extensions/examples/tutorials/analytics/manifest.json

{
  "content_security_policy": "script-src 'self' https://ssl.google-analytics.com; object-src 'self'"
}
danielweck commented 9 years ago

Scrap my above comment (not for packaged apps). This instead:

https://github.com/GoogleChrome/chrome-platform-analytics/blob/master/google-analytics-bundle.js

https://github.com/GoogleChrome/chrome-app-samples/tree/master/samples/analytics

danielweck commented 9 years ago

CC @ryanackley (please have a look if you don't mind / you have the time)

Google Analytics currently disabled: https://github.com/readium/readium-js-viewer/blob/develop/src/chrome-app/analytics/ExtensionAnalytics.js#L16

    //Refused to load the script 'https://ssl.google-analytics.com/ga.js'
    //because it violates the following Content Security Policy directive:
    //"default-src 'self' chrome-extension-resource:".
    //Note that 'script-src' was not explicitly set,
    //so 'default-src' is used as a fallback.
    //
    // window._gaq = window._gaq || [];
    // _gaq.push(['_setAccount', 'UA-29665823-1']);
    //
    //
    // (function() {
    //   var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    //   ga.src = 'https://ssl.google-analytics.com/ga.js';
    //   var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
    // })();

    return {
        trackView : function(viewName){
            //_gaq.push(['_trackPageview', viewName]);
        },
        sendEvent : function(category, action, label, value){
            //_gaq.push(['_trackEvent', category, action, label, value]);
        }
    }

It looks like this must be used instead: https://github.com/GoogleChrome/chrome-platform-analytics/blob/master/google-analytics-bundle.js https://github.com/GoogleChrome/chrome-app-samples/tree/master/samples/analytics