feat: integrate Google Analytics event tracking and update CSP for script sources#30365
feat: integrate Google Analytics event tracking and update CSP for script sources#30365
Conversation
…ript sources - Added types for Google Analytics gtag and implemented event tracking in user registration flows. - Updated Content Security Policy to allow 'wasm-unsafe-eval' in script sources. - Refactored GA component to improve nonce handling and script loading strategy. - Cleaned up UTM info cookies after successful user registration.
dosubot bot added the size:L 
Summary of ChangesHello @CodingOnStar, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces comprehensive Google Analytics event tracking for user registration, enhancing our ability to monitor user acquisition channels. It also refines the Content Security Policy to support WebAssembly execution and improves the robustness of the Google Analytics script loading and nonce management. Additionally, it ensures proper cleanup of UTM tracking cookies post-registration. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request integrates Google Analytics event tracking for user registration and updates the Content Security Policy. The changes include refactoring the GA script loading for better performance and nonce handling, and adding event tracking for both OAuth and email-based sign-ups. My review focuses on potential security vulnerabilities and code quality improvements. I've identified an issue with the CSP being weakened and unsafe JSON parsing that could lead to runtime errors. I've also noted an opportunity to reduce code duplication by creating a shared utility function.
- Updated event tracking for user registration success to differentiate between registrations with and without UTM parameters in both OAuth and email flows. - Adjusted tracking event names accordingly to improve analytics accuracy.
There was a problem hiding this comment.
Pull request overview
This PR integrates Google Analytics event tracking into the user registration flow and refactors the GA component implementation. The changes enable tracking of user registration events with UTM parameters for both email and OAuth registration methods, while also updating the Content Security Policy configuration.
Key Changes:
- Added TypeScript type definitions for Google Analytics gtag API and created a utility function for sending GA events
- Refactored the GA component to extract nonce from CSP headers instead of using x-nonce, changing from async to sync component with modified script loading strategies
- Implemented UTM parameter tracking during user registration (email and OAuth) with cookie cleanup after successful registration
Reviewed changes
Copilot reviewed 6 out of 7 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| web/utils/gtag.ts | New utility function for sending Google Analytics events with type-safe parameters |
| web/middleware.ts | Added 'wasm-unsafe-eval' directive to script-src CSP to support WebAssembly |
| web/global.d.ts | Added TypeScript type definitions for gtag API and extended Window interface |
| web/app/signup/set-password/page.tsx | Integrated GA event tracking for email registration with UTM parameters and cookie cleanup |
| web/app/components/base/ga/index.tsx | Refactored to extract nonce from CSP header, changed script loading strategies, and converted from async to sync component |
| web/app/components/base/amplitude/AmplitudeProvider.tsx | Enabled attribution tracking plugin in Amplitude configuration |
| web/app/components/app-initializer.tsx | Added GA tracking for OAuth registration flow with UTM parameters and cleanup |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Refactored UTM info parsing into a reusable function to enhance code clarity and error handling. - Updated Content Security Policy to remove 'wasm-unsafe-eval' from script sources for better security compliance. - Adjusted Google Analytics event tracking to utilize the new UTM parsing function in user registration flows.
- Wrapped the GA component in React.memo to enhance performance by preventing unnecessary re-renders.
Summary
Checklist
dev/reformat(backend) andcd web && npx lint-staged(frontend) to appease the lint gods