Disabling of third-party integrations for self-hosted deployments

[almereyda]

What happened?

When running the current Docker distribution, requests are made to third-party sources.

• Cloudflare
  
• Mixpanel

When telemetry is disabled in the user account, Mixpanel will become silent, even on the login form when logged out, but Cloudflare remains active.

In both cases we also see requests to:

• https://affine.pro/favicon.ico
  which perfectly acts as a tracking pixel
• https://app.affine.pro/ in the redirect_uri after sending a POST request to /api/auth/sign-in
  This is responded to with a 406, and upon a second try with a 200 and login works, despite malconfigured

This can be understood as a breach of privacy and could lead to illegal behaviour, esp. in the EU with regards to the GDPR.

Two resolution vectors offer themselves:

• [ ] It is possible to disable (and configure) the third-party integrations to Cloudflare and Mixpanel (individually and) with an environmental variable.
• [ ] It is possible to configure the redirect_uri parameter.
• [ ] The favicon is hosted locally.

Distribution version

Linux

What browsers are you seeing the problem on if you're using web version?

No response

Are you self-hosting?

• [X] Yes

Relevant log output

POST /api/auth/sign-in?redirect_uri=https%3A%2F%2Fapp.affine.pro%2F HTTP/1.1
Host: localhost:3010
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: de,en-GB;q=0.8,fr;q=0.6,en;q=0.4,en-US;q=0.2
Accept-Encoding: gzip, deflate, br
Referer: http://localhost:3010/
content-type: application/json
Content-Length: 50
Origin: http://localhost:3010
Connection: keep-alive
Cookie: JSESSIONID=1stz32knsdjvv1grovwo4nabgb; myaigent=0e8b44c680564edeb224fe5037db6b48; CSRF-Token-PF4SZ=kXofeD9pcZbQgNJvqEqqj3KaTgFmT6Ci; pagure_local_cookie=; cockpit=dj0yO2s9NzdmZWFlNDBmMDA2ZTg2ZDI1NTEyZmY5ZWZkNTJiMzQxOGU3OWQ4YTQ1ZDdmZWY1NWRjMGI4NWQ4YzNmMWM4MQ==; sessions=%7B%7D; PHPSESSID=d172e820064987f1fc70d65b22ae3786; session=.eJwdjlFrgzAURv_KyHMHSbRuE_ogGMFCIo5IuPelpDbFxvpiV-JS-t9n9_TBB-dwHuRwnt1tIPnPfHcbcricSP4gb0eSk0aLFE01gm5TmKpJ8S7iJBfg-wF1HZX_voKBRZp2q3wfYOoSqYsgtQhYwi_qgqtSXcHXoSkFlUZs5cvh60RFwVCPy8oHVUKqvKAqqguaLr4YGYsUp47KEtev8uj3Y2PUujhILdceCMAhRb_28XZHnhtyv7n5v5-w98w6e3L0Iztb9klZz3rOE2YpZ8cvZjNHnn8dj1Ah.FmaP8w.BEujifcEbjQpnfEn1rmYzVkuuKM; argocd.token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhcmdvY2QiLCJzdWIiOiJhZG1pbjpsb2dpbiIsImV4cCI6MTY3Mzk1NTE5NywibmJmIjoxNjczODY4Nzk3LCJpYXQiOjE2NzM4Njg3OTcsImp0aSI6IjBiNmU2YTY4LTJlZjktNDU4Yy04MGZhLWUyOGRlZTdlODAwMSJ9.HIz-f9vi1PP06ANzzI9E3nm7IV4W6lCt7HgRx4RpUEk; alps_session=fGsYgf1CJNyoYQvGr7o3CiG8kXQBC7s-oTsh7-272dE=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

POST /track/?verbose=1&ip=1&_=1711882453809 undefined
Host: api-js.mixpanel.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: de,en-GB;q=0.8,fr;q=0.6,en;q=0.4,en-US;q=0.2
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2321
Origin: http://localhost:3010
Connection: keep-alive
Referer: http://localhost:3010/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

GET /cdn-cgi/challenge-platform/h/g/cmg/1/gPgxBmu7dknlu4yVXsBLaw0eWk%2B%2FWEsazG1n%2B18Du1w%3D HTTP/3
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: image/avif,image/webp,*/*
Accept-Language: de,en-GB;q=0.8,fr;q=0.6,en;q=0.4,en-US;q=0.2
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/32m8u/1x00000000000000000000AA/auto/normal
Alt-Used: challenges.cloudflare.com
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

### Anything else?

- [ ] Docker distribution is added to issue template as an option for choice. It is currently implied when checking the box for self-hosting.

[affine-issue-bot[bot]]

Issue Status: 💡 Open

💡 Open

We want to implement the fix or feature in the near future. We can’t promise it will appear in the next public release, but it’s on our short list.

^{_{This is an automatic reply by the bot.}}

[EYHN]

• disable cloudflare captcha is in progress https://github.com/toeverything/AFFiNE/pull/5961
• we will provide an option if you wish to completely turn off telemetry in selfhost https://github.com/toeverything/AFFiNE/pull/6424
• favicon.ico is our mistake https://github.com/toeverything/AFFiNE/pull/6425
• redirect_uri was due to a bug in our frontend config, i will changed it to be based on the current url. https://github.com/toeverything/AFFiNE/pull/6426

[almereyda]

Thank you!

Sorry for having bothered you, if this was the case.

Upon review, I'm seeing there are more mentions to app.affine.pro in https://github.com/toeverything/AFFiNE/pull/6425/files#diff-34fa70f6f51a4276612515c7bf9671e64310d0fa1601ca6a41d6d510137747a9L31-L32

Should those be removed or made configurable, too?

[JokerQyou]

Dispite #6424 already merged, AFFiNE 0.17.0-nightly-2335e8a seems to ignore TELEMTRY_ENABLE=false option. The frontend still sends request to telemetry.affine.run.