Hotjar is not working #1033

Closed
ddfridley opened this issue Aug 31, 2023 · 4 comments
@ddfridley
Collaborator

On hotjar.com - for www.democracylab.org it reports:

There might be an issue with your tracking code. Verify tracking code installation

Then, if you visit democracylab.org and then open the debugger, there are these errors:

modules.cf97ff05ad84a23ed648.js:2 Refused to connect to 'https://vc.hotjar.io/sessions/1097784?s=0.25&r=0.05699358338635219' because it violates the following Content Security Policy directive: "connect-src 'self' https://democracylab-marlok.s3.amazonaws.com *.qiqochat.com qiqocableeu.herokuapp.com *.google-analytics.com *.nr-data.net *.hereapi.com *.hotjar.com https://blog.democracylab.org".

r.ajax @ modules.cf97ff05ad84a23ed648.js:2
modules.cf97ff05ad84a23ed648.js:2 Refused to connect to 'wss://ws.hotjar.com/api/v2/client/ws' because it violates the following Content Security Policy directive: "connect-src 'self' https://democracylab-marlok.s3.amazonaws.com *.qiqochat.com qiqocableeu.herokuapp.com *.google-analytics.com *.nr-data.net *.hereapi.com *.hotjar.com https://blog.democracylab.org".

r @ modules.cf97ff05ad84a23ed648.js:2
modules.cf97ff05ad84a23ed648.js:2 Refused to connect to 'https://content.hotjar.io/?gzip=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://democracylab-marlok.s3.amazonaws.com *.qiqochat.com qiqocableeu.herokuapp.com *.google-analytics.com *.nr-data.net *.hereapi.com *.hotjar.com https://blog.democracylab.org".

r.ajax @ modules.cf97ff05ad84a23ed648.js:2

While *.hotjar.com does appear in several CSP_ parameters in democracylab/settings.py it may be that we need to specify it differently - perhaps including the transport, or the specific host.

@ddfridley ddfridley self-assigned this Aug 31, 2023
@QuanGiap
Collaborator

QuanGiap commented Sep 3, 2023

From what I read on the website, it is possible that there is something wrong in the CSP_CONNECT_SRC and we need to fix it.
https://github.com/DemocracyLab/CivicTechExchange/blob/master/democracylab/settings.py#L403
From my guess, we can try adding https://*.hotjar.com, https://*.hotjar.io, and wss://*.hotjar.com in CSP_CONNECT_SRC.
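
A simplified model of `connect-src` host-source matching, added here as an example (not part of the thread or the project's code): it checks the three refused URLs from the errors above against the policy as deployed and against the policy with the additions suggested in the preceding comment. It assumes a source written without a scheme only matches the page's own scheme (https), which is consistent with the refused wss:// connection; the function names are hypothetical.

```python
from urllib.parse import urlsplit

# connect-src value copied from the console errors in this issue.
CURRENT = ("'self' https://democracylab-marlok.s3.amazonaws.com *.qiqochat.com "
           "qiqocableeu.herokuapp.com *.google-analytics.com *.nr-data.net "
           "*.hereapi.com *.hotjar.com https://blog.democracylab.org").split()
# Additions suggested in the comment above.
PROPOSED = CURRENT + ["https://*.hotjar.com", "https://*.hotjar.io",
                      "wss://*.hotjar.com"]
# URLs the browser refused, copied from the same errors (query strings dropped).
BLOCKED = ["https://vc.hotjar.io/sessions/1097784",
           "wss://ws.hotjar.com/api/v2/client/ws",
           "https://content.hotjar.io/"]
PAGE = "https://www.democracylab.org"


def host_matches(pattern, host):
    """'*.example.com' covers subdomains only; anything else must match exactly."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return pattern == host


def allowed(url, sources, page=PAGE):
    """Return the first source expression that permits url, or None."""
    target, origin = urlsplit(url), urlsplit(page)
    for src in sources:
        if src == "'self'":
            if (target.scheme, target.netloc) == (origin.scheme, origin.netloc):
                return src
            continue
        scheme, sep, rest = src.partition("://")
        if not sep:  # assumption: no scheme means the page's scheme is required
            scheme, rest = origin.scheme, src
        host = rest.split("/")[0].split(":")[0]
        if scheme == target.scheme and host_matches(host.lower(), target.hostname):
            return src
    return None


def report(sources):
    """Map each refused URL to the source that allows it (None = still blocked)."""
    return {url: allowed(url, sources) for url in BLOCKED}
```

`report(CURRENT)` maps every URL to `None`: `*.hotjar.com` covers neither the `.hotjar.io` hosts nor the `wss` scheme.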

@ddfridley
Collaborator Author

@marlonkeating When I browse to democracylab.org/companies I get the above errors. When I browse to democracy-lab-dev.herokuapp.com I do not.

Also, when I go to democracy-lab-prod-mirror.herokuapp.com - the other property set up on hotjar, I do get the same two errors as above.

Is there something in the environment of -dev that needs to be set to enable stronger content security checking?

@ddfridley
Collaborator Author

I found this link to help with the content security policy settings: https://help.hotjar.com/hc/en-us/articles/115011640307-Content-Security-Policies

@ddfridley
Collaborator Author

Closed by #1068
