Google Analytics should not be enabled in the staff interface

Bug #1466201 reported by Galen Charlton on 2015-06-17
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description

This bug is essentially a promotion of the following comment I made in bug 1452883:

"I suggest disabling Google Analytics outright in the staff client; there's far too much potential for leaking patron information."

Although a fix for bug 1452883 was pushed that got rid of the mixed-content warning messages, it still remains the case that enabling Google Analytics in the staff interface is both (a) a needless inclusion of a bit of Javascript that is extraneous to the functioning of the staff interface and (b) a potential vector for leaking patron information to a third party that has no business having it.

Evergreen master

Kathy Lussier (klussier) wrote :

Working branch at;a=shortlog;h=refs/heads/user/kmlussier/lp1466201-remove-staff-google-analytics

Test plan:

Enable Google Analytics in config.tt2. Access the catalog in the
staff client. Click Debug to view the source code. Pre-patch, you'll see
the Google Analytics javascript within the head element. Post-patch, that
javascript will be gone. Viewing the source of a catalog page in a browser
should continue to show the Google Analytics javascript within the head element.

tags: added: pullrequest
Ben Shum (bshum) wrote :

Tagging this for review during 2.9. Probably should get a short release note.

Changed in evergreen:
milestone: none → 2.9-alpha
status: New → Confirmed
importance: Undecided → Wishlist
tags: added: needsreleasenote
Ben Shum (bshum) wrote :

Added a release note and this has been pushed to master for inclusion in 2.9. Thanks Kathy (and Galen too)!

Changed in evergreen:
status: Confirmed → Fix Committed
Ben Shum (bshum) on 2015-07-28
tags: removed: needsreleasenote
Changed in evergreen:
milestone: 2.9-alpha → 2.9-beta
Changed in evergreen:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers