Google Analytics should not be enabled in the staff interface
Bug #1466201 reported by
Galen Charlton
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Evergreen |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
This bug is essentially a promotion of the following comment I made in bug 1452883:
"I suggest disabling Google Analytics outright in the staff client; there's far too much potential for leaking patron information."
Although a fix for bug 1452883 was pushed that got rid of the mixed-content warning messages, it still remains the case that enabling Google Analytics in the staff interface is both (a) a needless inclusion of a bit of Javascript that is extraneous to the functioning of the staff interface and (b) a potential vector for leaking patron information to a third party that has no business having it.
Evergreen master
tags: | removed: needsreleasenote |
Changed in evergreen: | |
milestone: | 2.9-alpha → 2.9-beta |
Changed in evergreen: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Working branch at http:// git.evergreen- ils.org/ ?p=working/ Evergreen. git;a=shortlog; h=refs/ heads/user/ kmlussier/ lp1466201- remove- staff-google- analytics
Test plan:
Enable Google Analytics in config.tt2. Access the catalog in the
staff client. Click Debug to view the source code. Pre-patch, you'll see
the Google Analytics javascript within the head element. Post-patch, that
javascript will be gone. Viewing the source of a catalog page in a browser
should continue to show the Google Analytics javascript within the head element.