ISSUE-30880 - Add CSP entry to allow google analytics ajax #30881

zaximus84 · 2020-11-11T17:31:24Z

Description (*)

Google analytics scripts make ajax calls (to GA). With the existing CSP whitelist in the analytics module, these requests are blocked. This PR adds a CSP entry for connect-src to allow ajax requests to www.google-analytics.com

Fixed Issues (if relevant)

Fixes Google Analytics CSP Violation #30880

Manual testing scenarios (*)

Ensure that Magento_CSP is enabled and functional (content security policy headers appear in store front page responses).
In store configuration, enable Google Analytics and set an account number.
Flush caches and visit the store front.
In the developer console, confirm that there is no error pertaining to an ajax call to https://www.google-analytics.com/j/collect.
In the network tab, confirm that there was a successful ajax call to https://www.google-analytics.com/j/collect.

Contribution checklist (*)

Pull request has a meaningful description of its purpose
All commits are accompanied by meaningful commit messages
All new or changed code is covered with unit/integration tests (if applicable)
All automated tests passed successfully (all builds are green)

m2-assistant · 2020-11-11T17:31:27Z

Hi @zaximus84. Thank you for your contribution
Here is some useful tips how you can test your changes using Magento test environment.
Add the comment under your pull request to deploy test or vanilla Magento instance:

@magento give me test instance - deploy test instance based on PR changes
@magento give me 2.4-develop instance - deploy vanilla Magento instance

❗ Automated tests can be triggered manually with an appropriate comment:

@magento run all tests - run or re-run all required tests against the PR changes
@magento run <test-build(s)> - run or re-run specific test build(s)
For example: @magento run Unit Tests

<test-build(s)> is a comma-separated list of build names. Allowed build names are:

Database Compare
Functional Tests CE
Functional Tests EE,
Functional Tests B2B
Integration Tests
Magento Health Index
Sample Data Tests CE
Sample Data Tests EE
Sample Data Tests B2B
Static Tests
Unit Tests
WebAPI Tests

You can find more information about the builds here

ℹ️ Please run only needed test builds instead of all when developing. Please run all test builds before sending your PR for review.

For more details, please, review the Magento Contributor Guide documentation.

⚠️ According to the Magento Contribution requirements, all Pull Requests must go through the Community Contributions Triage process. Community Contributions Triage is a public meeting.

🕙 You can find the schedule on the Magento Community Calendar page.

📞 The triage of Pull Requests happens in the queue order. If you want to speed up the delivery of your contribution, please join the Community Contributions Triage session to discuss the appropriate ticket.

🎥 You can find the recording of the previous Community Contributions Triage on the Magento Youtube Channel

✏️ Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel

magento-engcom-team · 2020-11-11T22:18:36Z

Hi @sidolov, thank you for the review.
ENGCOM-8450 has been created to process this Pull Request
✳️ @sidolov, could you please add one of the following labels to the Pull Request?

Label	Description
`Auto-Tests: Covered`	All changes in Pull Request is covered by auto-tests
`Auto-Tests: Not Covered`	Changes in Pull Request requires coverage by auto-tests
`Auto-Tests: Not Required`	Changes in Pull Request does not require coverage by auto-tests

engcom-Alfa · 2020-11-12T11:27:38Z

✔️ QA Passed

Manual testing scenario:

In admin store configuration, go to Sales / Google API > Google Analytics. Set Enabled = Yes and enter an Account Number.
Flush all caches and load a page on the store front (such as the home page)ж
Open developer console:

Before: ✖️ Error: Refused to connect to...

After: ✔️ no error pertaining to an ajax call to https://www.google-analytics.com/j/collect.

engcom-Alfa · 2020-12-01T08:24:17Z

Hi @sidolov .
Could you put an appropriate label for test coverage?
Thanks!

engcom-Foxtrot · 2020-12-07T08:45:17Z

@magento run all tests

engcom-Foxtrot · 2020-12-08T10:56:17Z

@magento run all tests

#30881

m2-assistant · 2020-12-21T02:40:00Z

Hi @zaximus84, thank you for your contribution!
Please, complete Contribution Survey, it will take less than a minute.
Your feedback will help us to improve contribution process.

ISSUE-30880 - Add CSP entry to allow google analytics ajax

a4f66bd

magento-engcom-team added Component: GoogleAdwords Release Line: 2.4 Partner: Blue Acorn iCi partners-contribution Pull Request is created by Magento Partner labels Nov 11, 2020

m2-community-project bot added this to Pending Review in Pull Requests Dashboard Nov 11, 2020

m2-community-project bot added Progress: pending review Priority: P2 A defect with this priority could have functionality issues which are not to expectations. Severity: S2 Major restrictions or short-term circumventions are required until a fix is available. labels Nov 11, 2020

m2-community-project bot added this to Pending Review in High Priority Pull Requests Dashboard Nov 11, 2020

m2-community-project bot removed this from Pending Review in Pull Requests Dashboard Nov 11, 2020

sidolov approved these changes Nov 11, 2020

View reviewed changes

m2-community-project bot assigned sidolov Nov 11, 2020

m2-community-project bot moved this from Pending Review to Ready for Testing in High Priority Pull Requests Dashboard Nov 11, 2020

m2-community-project bot added Progress: ready for testing and removed Progress: pending review labels Nov 11, 2020

engcom-Alfa self-assigned this Nov 12, 2020

engcom-Alfa moved this from Ready for Testing to Testing in Progress in High Priority Pull Requests Dashboard Nov 12, 2020

m2-community-project bot added Progress: testing in progress and removed Progress: ready for testing labels Nov 12, 2020

sidolov added the Auto-Tests: Not Required Changes in Pull Request does not require coverage by auto-tests label Dec 1, 2020

m2-community-project bot moved this from Testing in Progress to Ready for Testing in High Priority Pull Requests Dashboard Dec 1, 2020

m2-community-project bot added Progress: ready for testing and removed Progress: testing in progress labels Dec 1, 2020

engcom-Alfa moved this from Ready for Testing to Testing in Progress in High Priority Pull Requests Dashboard Dec 3, 2020

m2-community-project bot removed the Progress: ready for testing label Dec 3, 2020

m2-community-project bot added Progress: ready for testing and removed Progress: testing in progress labels Dec 3, 2020

engcom-Alfa moved this from Ready for Testing to Testing in Progress in High Priority Pull Requests Dashboard Dec 3, 2020

m2-community-project bot added Progress: testing in progress and removed Progress: ready for testing labels Dec 3, 2020

engcom-Alfa moved this from Testing in Progress to Extended Testing (optional) in High Priority Pull Requests Dashboard Dec 3, 2020

m2-community-project bot added Progress: extended testing and removed Progress: testing in progress labels Dec 3, 2020

engcom-Foxtrot self-assigned this Dec 4, 2020

m2-community-project bot moved this from Extended Testing (optional) to Ready for Testing in High Priority Pull Requests Dashboard Dec 4, 2020

m2-community-project bot added Progress: ready for testing and removed Progress: extended testing labels Dec 4, 2020

engcom-Alfa moved this from Ready for Testing to Testing in Progress in High Priority Pull Requests Dashboard Dec 4, 2020

m2-community-project bot added Progress: testing in progress and removed Progress: ready for testing labels Dec 4, 2020

engcom-Alfa moved this from Testing in Progress to Extended Testing (optional) in High Priority Pull Requests Dashboard Dec 4, 2020

m2-community-project bot added Progress: extended testing and removed Progress: testing in progress labels Dec 4, 2020

Merge branch '2.4-develop' into ISSUE-30880-google-analytics-csp-error

9be0942

engcom-Foxtrot moved this from Extended Testing (optional) to Merge in Progress in High Priority Pull Requests Dashboard Dec 17, 2020

m2-community-project bot added Progress: accept and removed Progress: extended testing labels Dec 17, 2020

magento-engcom-team mentioned this pull request Dec 21, 2020

Google Analytics CSP Violation #30880

Closed

5 tasks

magento-engcom-team pushed a commit that referenced this pull request Dec 21, 2020

ENGCOM-8450: ISSUE-30880 - Add CSP entry to allow google analytics ajax

d7f01eb

#30881

magento-engcom-team merged commit 11c2204 into magento:2.4-develop Dec 21, 2020

sidolov moved this from Merge in Progress to Recently Merged in High Priority Pull Requests Dashboard Dec 21, 2020

magento-engcom-team removed this from Recently Merged in High Priority Pull Requests Dashboard Oct 14, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ISSUE-30880 - Add CSP entry to allow google analytics ajax #30881

ISSUE-30880 - Add CSP entry to allow google analytics ajax #30881

zaximus84 commented Nov 11, 2020

m2-assistant bot commented Nov 11, 2020

magento-engcom-team commented Nov 11, 2020

engcom-Alfa commented Nov 12, 2020

engcom-Alfa commented Dec 1, 2020

engcom-Foxtrot commented Dec 7, 2020

engcom-Foxtrot commented Dec 8, 2020

m2-assistant bot commented Dec 21, 2020

ISSUE-30880 - Add CSP entry to allow google analytics ajax #30881

ISSUE-30880 - Add CSP entry to allow google analytics ajax #30881

Conversation

zaximus84 commented Nov 11, 2020

Description (*)

Fixed Issues (if relevant)

Manual testing scenarios (*)

Contribution checklist (*)

m2-assistant bot commented Nov 11, 2020

magento-engcom-team commented Nov 11, 2020

engcom-Alfa commented Nov 12, 2020

engcom-Alfa commented Dec 1, 2020

engcom-Foxtrot commented Dec 7, 2020

engcom-Foxtrot commented Dec 8, 2020

m2-assistant bot commented Dec 21, 2020