Enable anonymous/GDPR compliant analytics via https://plausible.io/

see https://plausible.io/privacy-focused-web-analytics for more details controlled via the ``ANONYMOUS_ANALYTICS`` setting, which defaults to True when not in development mode.
kiwitcms · Feb 22, 2024 · 4eeed0f · 4eeed0f
1 parent d6a0bbd
commit 4eeed0f
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 4 deletions.
diff --git a/etc/nginx.conf b/etc/nginx.conf
@@ -63,7 +63,7 @@ http {
     }
 
     # WARNING: make sure these match tcms.core.middleware.ExtraHeadersMiddleware
-    add_header Content-Security-Policy "script-src 'self' cdn.crowdin.com;";
+    add_header Content-Security-Policy "script-src 'self' cdn.crowdin.com plausible.io;";
 
     server {
         listen       8080;

diff --git a/tcms/core/middleware.py b/tcms/core/middleware.py
@@ -30,7 +30,7 @@ def process_response(self, request, response):
         if settings.DEBUG:
             response.headers[
                 "Content-Security-Policy"
-            ] = "script-src 'self' cdn.crowdin.com;"
+            ] = "script-src 'self' cdn.crowdin.com plausible.io;"
 
             if request.path.find("/uploads/") > -1:
                 response.headers["Content-Type"] = "text/plain"

diff --git a/tcms/settings/common.py b/tcms/settings/common.py
@@ -226,6 +226,10 @@
 # via 1-click integration.
 REDMINE_TRACKER_NAME = "Bugs"
 
+# Anonymous/GDPR compliant analytics via https://plausible.io/
+# see https://plausible.io/privacy-focused-web-analytics for more details
+ANONYMOUS_ANALYTICS = "runserver" not in sys.argv
+
 
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 # ~~ DANGER: Don't change the settings below!
@@ -564,3 +568,6 @@
 
 # See https://github.com/django-guardian/django-guardian/issues/726
 ANONYMOUS_USER_NAME = "AnonymousUser"
+
+# https://plausible.io/kiwitcms-container
+PLAUSIBLE_DOMAIN = "kiwitcms-container"
diff --git a/tcms/templates/admin/base_site.html b/tcms/templates/admin/base_site.html
@@ -16,9 +16,15 @@
 {% endblock %}
 
 {% block javascripts %}
+    {% if SETTINGS.ANONYMOUS_ANALYTICS %}
+    <script defer data-domain="{{ SETTINGS.PLAUSIBLE_DOMAIN }}" src="https://plausible.io/js/script.js"></script>
+    {% endif %}
+
     {{ block.super }}
+
     <script src="{% static 'simplemde/dist/simplemde.min.js' %}"></script>
     <script src="{% static 'js/admin_override.js' %}"></script>
+
     {% if LANGUAGE_CODE == 'eo' %}
     <script type="text/javascript" src="{% static 'js/crowdin.js'  %}"></script>
     <script type="text/javascript" src="//cdn.crowdin.com/jipt/jipt.js"></script>

diff --git a/tcms/templates/base.html b/tcms/templates/base.html
@@ -20,6 +20,10 @@
     <script type="text/javascript" src="//cdn.crowdin.com/jipt/jipt.js"></script>
     {% endif %}
 
+    {% if SETTINGS.ANONYMOUS_ANALYTICS %}
+    <script defer data-domain="{{ SETTINGS.PLAUSIBLE_DOMAIN }}" src="https://plausible.io/js/script.js"></script>
+    {% endif %}
+
     {% include 'patternfly.html' %}
     {% block head %}{% endblock %}
 </head>

diff --git a/tests/test_http.sh b/tests/test_http.sh
@@ -93,8 +93,8 @@ _EOF_
     rlPhaseEnd
 
     rlPhaseStartTest "Should send Content-Security-Policy header"
-        rlRun -t -c "curl -k -D- $HTTPS 2>/dev/null | grep $'Content-Security-Policy: script-src \'self\' cdn.crowdin.com;'"
-        rlRun -t -c "curl -k -D- $PROXY 2>/dev/null | grep $'Content-Security-Policy: script-src \'self\' cdn.crowdin.com;'"
+        rlRun -t -c "curl -k -D- $HTTPS 2>/dev/null | grep $'Content-Security-Policy: script-src \'self\' cdn.crowdin.com plausible.io;'"
+        rlRun -t -c "curl -k -D- $PROXY 2>/dev/null | grep $'Content-Security-Policy: script-src \'self\' cdn.crowdin.com plausible.io;'"
     rlPhaseEnd
 
     rlPhaseStartTest "Should not execute inline JavaScript"