search

tinybirdco / web-analytics-starter-kit

Tinybird Web Analytics Starter Kit
https://tinybird.co/starter-kits/web-analytics
MIT License
341 stars 35 forks source link

Security for the tracking script #84

Open codasana opened 2 months ago

codasana commented 2 months ago

Describe the feature you'd like to request

Is there a way to add security for the tracking script. Right now, I can add script to any number of sites and it will record data from everywhere. So, someone can embed the script in any website and it will record events. Is there a way in Tinybird to implement some security so that data from only predefined websites is recorded. I don't want to do this in the script itself as that can easily be modified.

Describe the solution you'd like

Add security so only verified domains can send data. Otherwise someone can misuse the script and send unwanted data.

Describe alternatives you've considered

No response

alejandromav commented 4 days ago

Hey there @codasana 👋

As of today, we don't have any mechanism in this starter kit to avoid that. Some options that come to my mind are:

  1. Filter the undesired hits in your Tinybird workspaces, by adding a clause in your pipes image

  2. Deploy the middleware to Vercel Functions as described here, and modify this function in your own for with the implementation you prefer.

Would any of these alternatives work for you?

Thanks for your feedback