JSPM

csp-report-to-google-analytics

1.0.2
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 3
  • Score
    100M100P100Q52087F
  • License MIT

CSP report to Google Analytics.

Package Exports

  • csp-report-to-google-analytics

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (csp-report-to-google-analytics) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

csp-report-to-google-analytics

Content-Security-Policy(CSP) report to Google Analytics.

Usage

This library should be used with analytics.js. This library does not work with gtag.js. Please see gtag.js API? · Issue #202 · googleanalytics/autotrack.

You can load this library from unpkg CDN.

<!-- Google Analytics -->
<script>
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-XXXXX-Y', 'auto');
ga('send', 'pageview');
// require csp-report-to-google-analytics plugin
ga('require', 'csp-report');
</script>
<script async src='https://www.google-analytics.com/analytics.js'></script>
<!-- End Google Analytics -->
<!-- Load csp-report-to-google-analytics plugin -->
<script async src='https://unpkg.com/csp-report-to-google-analytics/dist/csp-report-to-google-analytics.min.js'></script>

You have already introduced analytics.js, then add these to existing analytic setting.

  • ga('require', 'csp-report');
  • <script async src='https://unpkg.com/csp-report-to-google-analytics/dist/csp-report-to-google-analytics.min.js'></script>

CSP

You need to enable CSP on your site.

The Content-Security-Policy-Report-Only HTTP Header is useful to found mixed contents on your site.

Content-Security-Policy-Report-Only: default-src https:;

Also, <meta> tag can enable Content-Security-Policy, but <meta> tag does not support ``Content-Security-Policy-Report-Only` header.

<!-- Work -->
<meta http-equiv="Content-Security-Policy" content="default-src https:">
<!-- Not Work -->
<meta http-equiv="Content-Security-Policy-Report-Only" content="default-src https:">

For more information about CSP, see Content Security Policy CSP Reference & Examples.

Options

  • debug: boolean
    • Default: false
ga('require', 'csp-report', {
    debug: true
});

Default field values

Field Value
hitType 'pageview'
eventCategory 'CSP Report'
eventAction SecurityPolicyViolationEvent.violatedDirective
eventLabel SecurityPolicyViolationEvent.blockedURI
nonInteraction true

Changelog

See Releases page.

Running tests

Install devDependencies and Run npm test:

npm i -d && npm test

Contributing

Pull requests and stars are always welcome.

For bugs and feature requests, please create an issue.

  1. Fork it!
  2. Create your feature branch: git checkout -b my-new-feature
  3. Commit your changes: git commit -am 'Add some feature'
  4. Push to the branch: git push origin my-new-feature
  5. Submit a pull request :D

Author

License

MIT © azu