Conversation
Scripts like GTM and GA4 are often blocked by ad blockers and privacy extensions when loaded from third-party domains, leading to data loss. Third-party cookie deprecation further limits tracking durability. This change proxies GTM scripts and analytics beacons through the Trusted Server, establishing a first-party context. It automatically rewrites HTML tags and script content to point to local proxy endpoints, bypassing blockers and extending cookie life. Includes: Proxy endpoints for gtm.js and /collect Content rewriting for redirecting internal GTM calls Configuration and integration tests Resolves: #224
Adds comprehensive tests for: - GTM configuration parsing and default values - HTML processor pipeline integration - Response body rewriting logic
aram356
left a comment
aram356
left a comment
There was a problem hiding this comment.
🔧 Please make sure checks pass before assigning to review.
aram356
left a comment
aram356
left a comment
There was a problem hiding this comment.
Good start. Need to address specific items and the following.
Duplicated rewrite logic across three places
The GTM URL rewriting logic exists in three separate methods: rewrite_gtm_script(), IntegrationAttributeRewriter::rewrite(), and IntegrationScriptRewriter::rewrite(). Each handles a slightly different set of patterns. This is error-prone — a new URL pattern needs to be added in multiple places.
…, set default enablement to false, and update documentation for handling
| } | ||
|
|
||
| fn selector(&self) -> &'static str { | ||
| "script" // Match all scripts to find inline GTM snippets |
There was a problem hiding this comment.
❓ Why this selector we already register "src" at line 240? Unless we have something like this
<script>
(function(w,d,s,l,i){...j.src='https://www.googletagmanager.com/gtm.js?id='+i...})(window,document,'script','dataLayer','GTM-XXXX');
</script>
Can you doublecheck?
|
|
||
| log::debug!("Proxying to upstream: {}", target_url); | ||
|
|
||
| let mut proxy_config = ProxyRequestConfig::new(&target_url); |
There was a problem hiding this comment.
🔧 Make sure to configure not forward synthetic_id via
proxy_config.forward_synthetic_id = false;
| fastly::http::header::CONTENT_TYPE, | ||
| "application/javascript; charset=utf-8", | ||
| ) | ||
| .with_header(fastly::http::header::CACHE_CONTROL, "public, max-age=3600"); |
There was a problem hiding this comment.
⛏️ Use cache max age setting
#[serde(default = "default_cache_max_age")]
pub cache_max_age: u32,
fn default_cache_max_age() -> u32 {
900 // Match Google's default
}
2 participants
Scripts like GTM and GA4 are often blocked by ad blockers or privacy extensions when loaded from third-party domains, leading to data loss. Third-party cookie deprecation further limits tracking durability.
This change transparently proxies GTM scripts and analytics beacons through the Trusted Server, establishing a first-party context. It automatically rewrites HTML tags and script content to point to local proxy endpoints, bypassing blockers and extending cookie life.
Includes:
gtm.jsand/collectwith optimal caching (1h TTL) and strict validationResolves: #224