Add Google Tag Manager first-party integration#262
Conversation
Scripts like GTM and GA4 are often blocked by ad blockers and privacy extensions when loaded from third-party domains, leading to data loss. Third-party cookie deprecation further limits tracking durability. This change proxies GTM scripts and analytics beacons through the Trusted Server, establishing a first-party context. It automatically rewrites HTML tags and script content to point to local proxy endpoints, bypassing blockers and extending cookie life. Includes: Proxy endpoints for gtm.js and /collect Content rewriting for redirecting internal GTM calls Configuration and integration tests Resolves: #224
Adds comprehensive tests for: - GTM configuration parsing and default values - HTML processor pipeline integration - Response body rewriting logic
aram356
left a comment
aram356
left a comment
There was a problem hiding this comment.
🔧 Please make sure checks pass before assigning to review.
aram356
left a comment
aram356
left a comment
There was a problem hiding this comment.
Good start. Need to address specific items and the following.
Duplicated rewrite logic across three places
The GTM URL rewriting logic exists in three separate methods: rewrite_gtm_script(), IntegrationAttributeRewriter::rewrite(), and IntegrationScriptRewriter::rewrite(). Each handles a slightly different set of patterns. This is error-prone — a new URL pattern needs to be added in multiple places.
…, set default enablement to false, and update documentation for handling
…ID forwarding for GTM proxy requests
| ] | ||
| } | ||
|
|
||
| async fn handle( |
There was a problem hiding this comment.
POST analytics payloads are dropped while proxying GTM
Take a look at the failing tests I added here.
There was a problem hiding this comment.
Thanks @ChristianPavilonis, let me look into it.
| - **Bypass Ad Blockers**: Serving scripts from a first-party domain can prevent them from being blocked by some ad blockers and privacy extensions. | ||
| - **Extended Cookie Life**: First-party cookies set by these scripts are more durable in environments like Safari (ITP). | ||
| - **Performance**: Utilize edge caching for scripts. | ||
| - **Privacy Control**: Strips client IP addresses before forwarding data to Google. |
There was a problem hiding this comment.
…nctions, improving request configuration for beacons and scripts
3 participants
Scripts like GTM and GA4 are often blocked by ad blockers or privacy extensions when loaded from third-party domains, leading to data loss. Third-party cookie deprecation further limits tracking durability.
This change transparently proxies GTM scripts and analytics beacons through the Trusted Server, establishing a first-party context. It automatically rewrites HTML tags and script content to point to local proxy endpoints, bypassing blockers and extending cookie life.
Includes:
gtm.jsand/collectwith optimal caching (1h TTL) and strict validationResolves: #224