feat: add organizer tracking pixels with cookie consent #1166
Merged
daveearley merged 10 commits into develop from Apr 18, 2026
Allow organizers to configure tracking pixels (Facebook Pixel, Google Analytics 4, Google Tag Manager, TikTok Pixel) for their public event pages, organizer homepage, and checkout flow. Pixels are gated behind a cookie consent banner that respects GDPR requirements.

- Backend: migration, enum, DTO, validation with provider-specific format rules, public resource strips sensitive fields
- Frontend: plugin architecture with 4 providers, consent manager with Google Consent Mode v2, cookie consent banner component
- Settings UI: fixed provider cards with icons, enable/disable toggles, format validation, GDPR acknowledgment
- Funnel events: PageView, ViewContent, InitiateCheckout, Purchase with transaction_id for GA4 deduplication
- Purchase event deduplication via sessionStorage
- Env vars: VITE_COOKIE_CONSENT_ENABLED, VITE_COOKIE_CONSENT_TEXT

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
GA4 was not sending data because consent default was skipped when consent was already granted, causing gtag.js to have no consent state before config. Now sets consent default to granted/denied based on existing cookie state. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
gtag.js expects Arguments objects in dataLayer, not Arrays. Using rest params (...args) and pushing the array caused gtag.js to process commands but never send g/collect requests. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Google's standard GTM install pushes the gtm.start event to dataLayer before injecting the gtm.js script tag. We had the order reversed. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
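The three fixes above (consent default set before config, Arguments objects rather than Arrays, commands queued before the script loads) can be checked without a browser. This is an added example, not code from this pull request; the function names are hypothetical and it covers the gtag command queue only, not GTM's plain-object events.

```javascript
// Added example, not code from this pull request.
// Commands must reach dataLayer as Arguments objects, so the shim is a
// classic function that pushes `arguments`, not rest params.
function makeGtag(dataLayer) {
  return function gtag() {
    dataLayer.push(arguments);
  };
}

function isArgumentsObject(value) {
  return Object.prototype.toString.call(value) === '[object Arguments]';
}

// Queue the startup commands for one GA4 property. `storedConsent` is the
// visitor's saved choice ('granted', 'denied' or null); anything other than
// an explicit grant is treated as denied (assumed policy for this example).
function buildStartupQueue(measurementId, storedConsent) {
  const dataLayer = [];
  const gtag = makeGtag(dataLayer);
  const state = storedConsent === 'granted' ? 'granted' : 'denied';
  // Consent Mode v2 signals, always queued first, whatever the stored choice.
  gtag('consent', 'default', {
    ad_storage: state,
    analytics_storage: state,
    ad_user_data: state,
    ad_personalization: state,
  });
  gtag('js', new Date());
  gtag('config', measurementId);
  return dataLayer;
}

// Return a list of problems; an empty list means the queue is well formed.
function auditQueue(dataLayer) {
  const problems = [];
  let consentSeen = false;
  dataLayer.forEach((entry, i) => {
    if (!isArgumentsObject(entry)) {
      problems.push(`entry ${i}: not an Arguments object`);
      return;
    }
    if (entry[0] === 'consent' && entry[1] === 'default') consentSeen = true;
    if (entry[0] === 'config' && !consentSeen) {
      problems.push(`entry ${i}: config queued before consent default`);
    }
  });
  return problems;
}
```
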
GTM allows arbitrary JavaScript execution, which is a security risk on hosted/SaaS platforms. GTM is now blocked when saas_mode is enabled:

- Backend: validation rejects GTM provider with clear error message
- Frontend: GTM hidden from provider list, stripped from form submission in SaaS mode

Other providers (FB Pixel, GA4, TikTok) are safe as they only accept pixel IDs and inject known vendor scripts.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Update cookie consent text to be more informative and GDPR-compliant
- Add Privacy Policy link using existing VITE_PRIVACY_URL config
- Fix Google Consent Mode v2 race condition (init before scripts load)
- Fix SSR hydration mismatch by deferring consent state read to mount
- Fix ViewContent/Purchase events not firing after consent granted
- Add GTM re-initialization guard to prevent duplicate script tags
- Add error handling for failed tracking pixel initialization
- Add backend validation requiring consent acknowledgment for enabled pixels
- Add translations for cookie banner strings across all locales
- Add unit tests for pixel ID validation and request validation

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Prevents GTM pixel IDs from being returned via public organizer/event endpoints when SaaS mode is enabled, closing a gap where pre-existing GTM entries could still be loaded and executed on the frontend. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
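The read-side filtering described in the last commit, together with the earlier points about format validation and stripping sensitive fields, sketched as an added example that is not code from this pull request. The row fields (`enabled`, `pixel_id`, `consent_acknowledged_by`), the function name and the ID patterns are assumptions for illustration, not the project's actual schema or rules.

```javascript
// Added example, not code from this pull request. Field names and ID
// patterns are assumptions for illustration, not the project's own rules.
const ID_PATTERNS = {
  facebook: /^\d{10,20}$/,
  ga4: /^G-[A-Z0-9]{4,20}$/,
  gtm: /^GTM-[A-Z0-9]{4,12}$/,
  tiktok: /^[A-Z0-9]{10,30}$/,
};

// Build the pixel list for a public event or organizer response.
function toPublicPixels(storedPixels, { saasMode }) {
  const result = [];
  for (const row of storedPixels) {
    // Own-property lookup so inherited keys such as "constructor" never match.
    const known = Object.prototype.hasOwnProperty.call(ID_PATTERNS, row.provider);
    const pattern = known ? ID_PATTERNS[row.provider] : null;
    if (!pattern || row.enabled !== true) continue;
    // Rows saved before the SaaS block existed are dropped on read as well,
    // so write-time validation is not the only control.
    if (saasMode && row.provider === 'gtm') continue;
    // Re-check the format on output: the ID is placed into a vendor script URL.
    if (typeof row.pixel_id !== 'string' || !pattern.test(row.pixel_id)) continue;
    // Copy allowlisted fields only, so internal columns are never serialised.
    result.push({ provider: row.provider, pixel_id: row.pixel_id });
  }
  return result;
}

// Constructed sample rows, including a GTM entry stored before the block
// and an ID containing characters outside the allowlist.
const SAMPLE_ROWS = [
  { provider: 'ga4', pixel_id: 'G-EXAMPLE123', enabled: true, consent_acknowledged_by: 42 },
  { provider: 'gtm', pixel_id: 'GTM-EXAMPLE', enabled: true, consent_acknowledged_by: 42 },
  { provider: 'facebook', pixel_id: '123456789012345', enabled: false, consent_acknowledged_by: 42 },
  { provider: 'tiktok', pixel_id: 'ABC"><x', enabled: true, consent_acknowledged_by: 42 },
  { provider: 'constructor', pixel_id: 'x', enabled: true, consent_acknowledged_by: 42 },
];
```

If these patterns are ported to PHP, note that `$` there also matches before a trailing newline, so anchor with `\z` or use the `D` modifier.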