Google Analytics should not be enabled in the staff interface

Bug #1466201 reported by Galen Charlton
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released

Bug Description

This bug is essentially a promotion of the following comment I made in bug 1452883:

"I suggest disabling Google Analytics outright in the staff client; there's far too much potential for leaking patron information."

Although a fix for bug 1452883 was pushed that got rid of the mixed-content warning messages, it still remains the case that enabling Google Analytics in the staff interface is both (a) a needless inclusion of a bit of Javascript that is extraneous to the functioning of the staff interface and (b) a potential vector for leaking patron information to a third party that has no business having it.

Evergreen master

Tags: pullrequest
Revision history for this message
Kathy Lussier (klussier) wrote :

Working branch at;a=shortlog;h=refs/heads/user/kmlussier/lp1466201-remove-staff-google-analytics

Test plan:

Enable Google Analytics in config.tt2. Access the catalog in the
staff client. Click Debug to view the source code. Pre-patch, you'll see
the Google Analytics javascript within the head element. Post-patch, that
javascript will be gone. Viewing the source of a catalog page in a browser
should continue to show the Google Analytics javascript within the head element.

tags: added: pullrequest
Revision history for this message
Ben Shum (bshum) wrote :

Tagging this for review during 2.9. Probably should get a short release note.

Changed in evergreen:
milestone: none → 2.9-alpha
status: New → Confirmed
importance: Undecided → Wishlist
tags: added: needsreleasenote
Revision history for this message
Ben Shum (bshum) wrote :

Added a release note and this has been pushed to master for inclusion in 2.9. Thanks Kathy (and Galen too)!

Changed in evergreen:
status: Confirmed → Fix Committed
Ben Shum (bshum)
tags: removed: needsreleasenote
Changed in evergreen:
milestone: 2.9-alpha → 2.9-beta
Changed in evergreen:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.