From 50297835042bc079f13d23a1fedd87e21bc55fb8 Mon Sep 17 00:00:00 2001 From: Pooya Jaferian Date: Tue, 9 Mar 2021 15:44:34 -0800 Subject: [PATCH 1/2] updating the docs to account for edge cases that require manual upgrade --- .../libraries/website/javascript/analytics-js-2.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/connections/sources/catalog/libraries/website/javascript/analytics-js-2.md b/src/connections/sources/catalog/libraries/website/javascript/analytics-js-2.md index ab995d593d..9c58ec5c79 100644 --- a/src/connections/sources/catalog/libraries/website/javascript/analytics-js-2.md +++ b/src/connections/sources/catalog/libraries/website/javascript/analytics-js-2.md @@ -42,6 +42,19 @@ Once enabled, after 5 minutes or less, the updated code is delivered. To revert back to the previous version of Analytics.js, disable the Analytics 2.0 toggle on any source you've enabled it. +## Cases that require manual upgrade +We identified the following two cases where upgrading Analytics 2.0 requires manual effort beyond just enabling the Analytics 2.0 toggle. + +### When using in-domain instrumentation CDN aliasing +If your source uses the in-domain instrumentation as well as a custom "Alias for analytics.js", then you should update the AJS snippet to the latest version (4.13.2 +or higher) before toggling Analytics 2.0 on. + +## When using a strict content security policy on the page +Analytics 2.0 asynchronously loads different pieces of the library as needed, and therefore, if your source uses a strict Content Security Policy (CSP) that allows Javascript to be downloaded from specific locations, then you need to update the CSP to account for all the pieces used for Analytics 2.0. Therefore, beyond allowing the main analytics.min.js script, you should allow the following paths in your CSP: +- `https://cdn.segment.com/v1/projects//settings` +- `https://cdn.segment.com/analytics-next/bundles/*` +- `https://cdn.segment.com/next-integrations/integrations/*` + ## Open source libraries Analytics.js 2.0 includes the following open source components: From 5dac1029224e4f7226ab560acb120bdb53a8cb66 Mon Sep 17 00:00:00 2001 From: Pooya Jaferian Date: Tue, 9 Mar 2021 15:45:56 -0800 Subject: [PATCH 2/2] h223 --- .../catalog/libraries/website/javascript/analytics-js-2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/connections/sources/catalog/libraries/website/javascript/analytics-js-2.md b/src/connections/sources/catalog/libraries/website/javascript/analytics-js-2.md index 9c58ec5c79..ba3c1c9870 100644 --- a/src/connections/sources/catalog/libraries/website/javascript/analytics-js-2.md +++ b/src/connections/sources/catalog/libraries/website/javascript/analytics-js-2.md @@ -49,7 +49,7 @@ We identified the following two cases where upgrading Analytics 2.0 requires man If your source uses the in-domain instrumentation as well as a custom "Alias for analytics.js", then you should update the AJS snippet to the latest version (4.13.2 or higher) before toggling Analytics 2.0 on. -## When using a strict content security policy on the page +### When using a strict content security policy on the page Analytics 2.0 asynchronously loads different pieces of the library as needed, and therefore, if your source uses a strict Content Security Policy (CSP) that allows Javascript to be downloaded from specific locations, then you need to update the CSP to account for all the pieces used for Analytics 2.0. Therefore, beyond allowing the main analytics.min.js script, you should allow the following paths in your CSP: - `https://cdn.segment.com/v1/projects//settings` - `https://cdn.segment.com/analytics-next/bundles/*`