Add privacy-first GA4 to badseo.dev#79
Closed
bensenescu wants to merge 1 commit into
Closed
Conversation
Contributor
Author
|
Closing this copy because the requested review target is the origin repository. The replacement is https://github.com/bensenescu/open-seo/pull/380. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
G-7MXV9FH7SSbehind a fail-closed admin-verification gatebadseo.dev/privacy; the existingwebprivacy policy is unchangedRollout safety
GA4_ADMIN_VERIFIEDintentionally remains"false", so merging or deploying cannot load GA4 or show unnecessary controls. Before flipping it to"true", complete the checklist inbadseo/README.md: verify Account Data Sharing is off, 14-month retention, no Ads/User-ID/Signals or ad personalization, intended Enhanced Measurement only, and validate with Tag Assistant plus GA Realtime.Three independent final reviews—adversarial consent/security, CMP/privacy, and route/UI—found no high-confidence merge blockers.
Verification
Greptile Summary
This PR adds privacy-first GA4 support for
badseo.dev. The main changes are:GA4_ADMIN_VERIFIED, the GA4 measurement ID, KV, and rate-limit bindings./analytics-consentendpoint that rate-limits requests and appends consent events to Workers KV./privacypage and includes it in the sitemap and audit clean-page checks.Confidence Score: 5/5
Safe to merge with low risk.
The analytics path is gated and fails closed when verification or required bindings are absent. Consent grants require a successful same-origin KV ledger write before GA loads. Focused Playwright coverage exercises consent grants, withdrawals, retries, cross-tab state, and privacy routing.
No files require special attention.
What T-Rex did
Important Files Changed
badseo.devprivacy policy page describing optional GA4, consent storage, ledger retention, and withdrawal.Sequence Diagram
%%{init: {'theme': 'neutral'}}%% sequenceDiagram participant Browser participant Worker participant RateLimiter participant KV participant Google Browser->>Worker: Request analytics script alt Disabled gate or missing bindings Worker-->>Browser: Return cleanup script Browser->>Browser: Remove consent state and GA cookies else Enabled gate and bindings Worker-->>Browser: Return consent bootstrap script Browser->>Browser: Queue denied defaults and show UI Browser->>Worker: Post grant consent event Worker->>RateLimiter: Check rate limit RateLimiter-->>Worker: Allowed Worker->>KV: Append grant event with TTL KV-->>Worker: Saved Worker-->>Browser: Return recorded receipt Browser->>Browser: Persist receipt and grant analytics storage Browser->>Google: Load gtag script after consent Browser->>Worker: Post withdrawal event Worker->>KV: Append withdrawal event with TTL Worker-->>Browser: Return withdrawal receipt Browser->>Browser: Deny consent, clear cookies, reload if needed end%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%% sequenceDiagram participant Browser participant Worker participant RateLimiter participant KV participant Google Browser->>Worker: Request analytics script alt Disabled gate or missing bindings Worker-->>Browser: Return cleanup script Browser->>Browser: Remove consent state and GA cookies else Enabled gate and bindings Worker-->>Browser: Return consent bootstrap script Browser->>Browser: Queue denied defaults and show UI Browser->>Worker: Post grant consent event Worker->>RateLimiter: Check rate limit RateLimiter-->>Worker: Allowed Worker->>KV: Append grant event with TTL KV-->>Worker: Saved Worker-->>Browser: Return recorded receipt Browser->>Browser: Persist receipt and grant analytics storage Browser->>Google: Load gtag script after consent Browser->>Worker: Post withdrawal event Worker->>KV: Append withdrawal event with TTL Worker-->>Browser: Return withdrawal receipt Browser->>Browser: Deny consent, clear cookies, reload if needed endReviews (1): Last reviewed commit: "Add privacy-first GA4 to badseo.dev" | Re-trigger Greptile