@socialgouv/matomo-next
Advanced tools
Comparing version 1.7.0 to 1.8.0
@@ -11,2 +11,4 @@ interface InitSettings { | ||
onInitialization?: () => void; | ||
nonce?: string; | ||
trustedPolicyName?: string; | ||
} | ||
@@ -26,4 +28,4 @@ interface Dimensions { | ||
export declare function push(args: (Dimensions | number[] | string[] | number | string | null | undefined)[]): void; | ||
export declare function init({ url, siteId, jsTrackerFile, phpTrackerFile, excludeUrlsPatterns, disableCookies, onRouteChangeStart, onRouteChangeComplete, onInitialization, }: InitSettings): void; | ||
export declare function init({ url, siteId, jsTrackerFile, phpTrackerFile, excludeUrlsPatterns, disableCookies, onRouteChangeStart, onRouteChangeComplete, onInitialization, nonce, trustedPolicyName, }: InitSettings): void; | ||
export default init; | ||
//# sourceMappingURL=index.d.ts.map |
@@ -29,5 +29,10 @@ "use strict"; | ||
}; | ||
var trustedPolicyHooks = { | ||
createScript: function (s) { return s; }, | ||
createScriptURL: function (s) { return s; }, | ||
}; | ||
// initialize the tracker | ||
function init(_a) { | ||
var url = _a.url, siteId = _a.siteId, _b = _a.jsTrackerFile, jsTrackerFile = _b === void 0 ? "matomo.js" : _b, _c = _a.phpTrackerFile, phpTrackerFile = _c === void 0 ? "matomo.php" : _c, _d = _a.excludeUrlsPatterns, excludeUrlsPatterns = _d === void 0 ? [] : _d, _e = _a.disableCookies, disableCookies = _e === void 0 ? false : _e, _f = _a.onRouteChangeStart, onRouteChangeStart = _f === void 0 ? undefined : _f, _g = _a.onRouteChangeComplete, onRouteChangeComplete = _g === void 0 ? undefined : _g, _h = _a.onInitialization, onInitialization = _h === void 0 ? undefined : _h; | ||
var _b, _c, _d, _e; | ||
var url = _a.url, siteId = _a.siteId, _f = _a.jsTrackerFile, jsTrackerFile = _f === void 0 ? "matomo.js" : _f, _g = _a.phpTrackerFile, phpTrackerFile = _g === void 0 ? "matomo.php" : _g, _h = _a.excludeUrlsPatterns, excludeUrlsPatterns = _h === void 0 ? [] : _h, _j = _a.disableCookies, disableCookies = _j === void 0 ? false : _j, _k = _a.onRouteChangeStart, onRouteChangeStart = _k === void 0 ? undefined : _k, _l = _a.onRouteChangeComplete, onRouteChangeComplete = _l === void 0 ? undefined : _l, _m = _a.onInitialization, onInitialization = _m === void 0 ? undefined : _m, nonce = _a.nonce, _o = _a.trustedPolicyName, trustedPolicyName = _o === void 0 ? "matomo-next" : _o; | ||
window._paq = window._paq !== null ? window._paq : []; | ||
@@ -38,2 +43,3 @@ if (!url) { | ||
} | ||
var sanitizer = (_c = (_b = window.trustedTypes) === null || _b === void 0 ? void 0 : _b.createPolicy(trustedPolicyName, trustedPolicyHooks)) !== null && _c !== void 0 ? _c : trustedPolicyHooks; | ||
var previousPath = ""; | ||
@@ -67,6 +73,10 @@ // order is important -_- so campaign are detected | ||
var refElement = document.getElementsByTagName("script")[0]; | ||
if (nonce) { | ||
scriptElement.setAttribute("nonce", nonce); | ||
} | ||
scriptElement.type = "text/javascript"; | ||
scriptElement.async = true; | ||
scriptElement.defer = true; | ||
scriptElement.src = url + "/" + jsTrackerFile; | ||
var fullUrl = url + "/" + jsTrackerFile; | ||
scriptElement.src = (_e = (_d = sanitizer.createScriptURL) === null || _d === void 0 ? void 0 : _d.call(sanitizer, fullUrl)) !== null && _e !== void 0 ? _e : fullUrl; | ||
if (refElement.parentNode) { | ||
@@ -73,0 +83,0 @@ refElement.parentNode.insertBefore(scriptElement, refElement); |
{ | ||
"name": "@socialgouv/matomo-next", | ||
"version": "1.7.0", | ||
"version": "1.8.0", | ||
"author": "Fabrique numérique des Ministères Sociaux <dsi-incubateur@sg.social.gouv.fr> (https://www.fabrique.social.gouv.fr)", | ||
@@ -10,2 +10,3 @@ "homepage": "https://github.com/SocialGouv/matomo-next#readme", | ||
"@types/jest": "26.0.24", | ||
"@types/trusted-types": "^2.0.4", | ||
"eslint": "7.32.0", | ||
@@ -12,0 +13,0 @@ "jest": "26.6.3", |
@@ -82,2 +82,31 @@ <h1 align="center"> | ||
### Content-Security-Policy | ||
#### [Nonce](https://developer.mozilla.org/fr/docs/Web/HTML/Global_attributes/nonce) | ||
If you use a `Content-Security-Policy` header with a `nonce` attribute, you can pass it to the `init` function to allow the script to be executed. | ||
```js | ||
init({ | ||
url: MATOMO_URL, | ||
siteId: MATOMO_SITE_ID, | ||
nonce: "123456789", | ||
}) | ||
``` | ||
#### [Trusted Types](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/trusted-types) | ||
As the `matomo-next` injects a matomo script, if you use strict Trusted Types, you need to allow the `script` tag to be created by adding our policy name to your `trusted types` directive. | ||
``` | ||
Content-Security-Policy: require-trusted-types-for 'script'; trusted-types matomo-next; | ||
``` | ||
You can set a custom policy name by passing it to the `init` function. | ||
```js | ||
init({ | ||
url: MATOMO_URL, | ||
siteId: MATOMO_SITE_ID, | ||
trustedPolicyName: "your-custom-policy-name", | ||
}) | ||
``` | ||
### Extensibility | ||
@@ -84,0 +113,0 @@ |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
54899
508
150
12