Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Readme
The Cloudflare Workers implementation of an async Google Analytics
This project is based on Google Analytics Measurement Protocol, using Cloudflare Workers with a less than 1KB gzipped tiny cfga.min.js
to accelerate the Google Analytics, rather than a heavy (45KB gzipped) analytics.js
from Google.
Login into Cloudflare Dashboard and enter Workers
App. Create a new script, delete default code in the editor, and then copy the woker.js
content into the editor. After saving the workers script, do not forget to register a route for the scripts.
Now you can test your workers with a simple HTTP request. You should able to see 403 Forbidden
. Then you can deploy the scripts.
cfga.min.js
into your websiteJust add those few lines of the code to your website, right before </body>
. Do not forget to replace the default configuration with your own!
<script>
window.ga_tid = "UA-XXXXX-Y"; // {String} The trackerID of your site.
window.ga_api = "https://example.com/xxx/"; // {String} The route of your cloudflare workers you just registered before.
</script>
<script src="https://cdn.jsdelivr.net/npm/cfga@1.0.3" async></script>
Releases Only
.Click the watch
button at the top of the repo and choose Releases Only
, so you can get notice of release update in time.
cfga.js
will send the data once the window's load
event is fired.
But you can still manually send the data again by calling window.cfga()
, just like the original analytics.js
with ga('send', 'pageview')
.
Recently cloudflare-workers-async-google-analytics
has been blocked by EasyList. Great Job though. So I am going to play a cat & mouse game now.
From 1.0.3
the random string will be added as a parameter to bypass EasyList. Also, this could help, too:
cfga/jquery.js
for your Cloudflare Workers.window.ga_api = "https://example.com/cfga/jquery.js"; // {String} The route of your cloudflare workers you just registered before.
Block jquery.js
if you can, haha!
cfga.min.js
collected and sentCurrently, cloudflare-workers-async-google-analytics
and cfga.min.js
only support collect those types of data listed below. If you want to collect more, you should use Google Analytics official track code.
dl
: Document location URLuip
: User real IPua
: User Agentdt
: Document Titlede
: Document Encodingdr
: Document Referrerul
: User Languagesd
: Screen Colors Depthsr
: Screen Resolutionplt
: Page Load Timedns
: DNS Timepdt
: Page Downloaad Timerrt
: Redirect Response Timetcp
: TCP Connect Timesrt
: Server Response Timedit
: DOM Interactive Timeclt
: Content Load Timecloudflare-workers-async-google-analytics
blocks those types of request by default:
User-Agent
in request headersReferer
in request headersAnd if you want to restrict your workers only for your website, all you need to do is to edit a few lines of your workers:
//const AllowedReferrer = 'skk.moe';
skk.moe
, then remove //
.Notice: set
AllowedReferrer
value toskk.moe
means all the subdomains ofskk.moe
will be allowed as well.
cloudflare-workers-async-google-analytics © Sukka, Released under the MIT License.
Authored and maintained by Sukka with help from contributors (list).
Personal Website · Blog · GitHub @SukkaW · Telegram Channel @SukkaChannel · Twitter @isukkaw · Keybase @sukka
FAQs
The Cloudflare Workers implementation of an async Google Analytics
The npm package cfga receives a total of 45 weekly downloads. As such, cfga popularity was classified as not popular.
We found that cfga demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.