From f531fc7ee20ed3986e303da3525a77418f3b8abd Mon Sep 17 00:00:00 2001
From: Christoph Reiter <reiter.christoph@gmail.com>
Date: Thu, 19 May 2022 15:54:56 +0200
Subject: [PATCH] matomo: send securitypolicyviolation events
This event gets dispatched in case the CSP blocks something.
This is motivated by browsers handling this differently, for
example spawning a worker via blob: is allowed in chrome, but not in firefox
and things like "worker-src" is not supported in safari..
So having some error reporting there is helpful in case some browser
version somewhere behaves differently.
---
packages/matomo/src/matomo.js | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/packages/matomo/src/matomo.js b/packages/matomo/src/matomo.js
index ba7bb718..0f99c2aa 100644
--- a/packages/matomo/src/matomo.js
+++ b/packages/matomo/src/matomo.js
@@ -155,6 +155,29 @@ export class MatomoElement extends DBPLitElement {
that.pushEvent(['trackEvent', 'UnhandledRejection', name]);
});
+ // https://developer.mozilla.org/en-US/docs/Web/API/Element/securitypolicyviolation_event
+ window.addEventListener('securitypolicyviolation', (e) => {
+ let attrs = [
+ 'blockedURI',
+ 'columnNumber',
+ 'disposition',
+ 'documentURI',
+ 'effectiveDirective',
+ 'lineNumber',
+ 'originalPolicy',
+ 'referrer',
+ 'sample',
+ 'sourceFile',
+ 'statusCode',
+ 'violatedDirective',
+ ];
+ let payload = {};
+ for (let attr of attrs) {
+ payload[attr] = e[attr];
+ }
+ this.pushEvent(['trackEvent', 'SecurityPolicyViolation', JSON.stringify(payload)]);
+ });
+
this.isRunning = true;
if (this.lastEvent.length > 0) {
console.log(
--
GitLab