32269 - Remove hotjar (#3598)

seeker25 · web-flow · commit ebc423940b2e · 2026-02-05T11:09:36.000-08:00
diff --git a/auth-web/.env.example b/auth-web/.env.example
@@ -65,8 +65,5 @@ VUE_APP_KEYCLOAK_AUTH_URL="https://dev.loginproxy.gov.bc.ca/auth"
 VUE_APP_KEYCLOAK_REALM="bcregistry"
 VUE_APP_KEYCLOAK_CLIENTID="connect-web"
 
-# vaults hotjar
-VUE_APP_HOTJAR_ID=
-
 # Google Analytics
 VUE_APP_GTAG_ID=
diff --git a/auth-web/.env.test.example b/auth-web/.env.test.example
@@ -67,5 +67,3 @@ VUE_APP_KEYCLOAK_AUTH_URL="https://test.loginproxy.gov.bc.ca/auth"
 VUE_APP_KEYCLOAK_REALM="bcregistry"
 VUE_APP_KEYCLOAK_CLIENTID="connect-web"
 
-#vaults hotjar
-VUE_APP_HOTJAR_ID=
diff --git a/auth-web/devops/vaults.env b/auth-web/devops/vaults.env
@@ -65,8 +65,5 @@ VUE_APP_KEYCLOAK_AUTH_URL="op://keycloak/$APP_ENV/base/KEYCLOAK_AUTH_BASE_URL"
 VUE_APP_KEYCLOAK_REALM="op://keycloak/$APP_ENV/base/KEYCLOAK_REALMNAME"
 VUE_APP_KEYCLOAK_CLIENTID="op://keycloak/$APP_ENV/account-web/UI_KEYCLOAK_RESOURCE_NAME"
 
- #vaults hotjar
-VUE_APP_HOTJAR_ID="op://hotjar/$APP_ENV/auth-web/HOTJAR_ID"
-
 # vaults google-analytics
 VUE_APP_GTAG_ID="op://google-analytics/$APP_ENV/developer/GTAG"
diff --git a/auth-web/firebase.json b/auth-web/firebase.json
@@ -21,7 +21,7 @@
             { "key" : "X-XSS-Protection", "value" : "1; mode=block" },
             {
               "key": "Content-Security-Policy",
-              "value": "default-src 'self'; frame-src 'self' *.gov.bc.ca *.hotjar.com *.googleapis.com https://*.nr-data.net https://*.newrelic.com https://*.cac1.pure.cloud; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gov.bc.ca *.hotjar.com *.googleapis.com https://*.nr-data.net https://*.newrelic.com https://*.cac1.pure.cloud; style-src 'self' 'unsafe-inline' *.cloudflare.com *.googleapis.com; font-src 'self' *.gov.bc.ca *.hotjar.com *.cloudflare.com *.googleapis.com *.gstatic.com *.jsdelivr.net; img-src 'self' data: *.hotjar.com https://*.cac1.pure.cloud; connect-src 'self' *.run.app *.gov.bc.ca *.launchdarkly.com *.hotjar.com *.postescanada-canadapost.ca *.sentry.io *.apigee.net wss://*.hotjar.com *.hotjar.io https://*.nr-data.net https://shyrka-prod-cac1.s3.ca-central-1.amazonaws.com https://*.newrelic.com https://*.cac1.pure.cloud wss://*.cac1.pure.cloud; manifest-src 'self'; media-src 'self' https://*.cac1.pure.cloud; object-src 'self' https://*.cac1.pure.cloud; child-src 'self' https://*.cac1.pure.cloud;"
+              "value": "default-src 'self'; frame-src 'self' *.gov.bc.ca *.googleapis.com https://*.nr-data.net https://*.newrelic.com https://*.cac1.pure.cloud; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gov.bc.ca *.googleapis.com https://*.nr-data.net https://*.newrelic.com https://*.cac1.pure.cloud; style-src 'self' 'unsafe-inline' *.cloudflare.com *.googleapis.com; font-src 'self' *.gov.bc.ca *.cloudflare.com *.googleapis.com *.gstatic.com *.jsdelivr.net; img-src 'self' data: https://*.cac1.pure.cloud; connect-src 'self' *.run.app *.gov.bc.ca *.launchdarkly.com *.postescanada-canadapost.ca *.sentry.io *.apigee.net https://*.nr-data.net https://shyrka-prod-cac1.s3.ca-central-1.amazonaws.com https://*.newrelic.com https://*.cac1.pure.cloud wss://*.cac1.pure.cloud; manifest-src 'self'; media-src 'self' https://*.cac1.pure.cloud; object-src 'self' https://*.cac1.pure.cloud; child-src 'self' https://*.cac1.pure.cloud;"
             },
             { "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate"},
             { "key": "Pragma", "value": "no-cache"},
diff --git a/auth-web/nginx.conf b/auth-web/nginx.conf
@@ -40,7 +40,7 @@ http {
     add_header X-Frame-Options "DENY";
 
     # Content Security Policy
-    add_header Content-Security-Policy "default-src 'self'; frame-src 'self' *.gov.bc.ca *.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gov.bc.ca *.hotjar.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.cloudflare.com *.jsdelivr.net; font-src 'self' *.gov.bc.ca *.hotjar.com *.cloudflare.com; img-src 'self' *.hotjar.com data:; connect-src 'self' *.gov.bc.ca *.launchdarkly.com *.hotjar.com *.postescanada-canadapost.ca *.sentry.io wss://*.hotjar.com *.hotjar.io; manifest-src 'self';";
+    add_header Content-Security-Policy "default-src 'self'; frame-src 'self' *.gov.bc.ca; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gov.bc.ca *.googleapis.com; style-src 'self' 'unsafe-inline' *.cloudflare.com *.jsdelivr.net; font-src 'self' *.gov.bc.ca *.cloudflare.com; img-src 'self' data:; connect-src 'self' *.gov.bc.ca *.launchdarkly.com *.postescanada-canadapost.ca *.sentry.io; manifest-src 'self';";
 
     listen 8080;
     server_name _;
diff --git a/auth-web/package-lock.json b/auth-web/package-lock.json
diff --git a/auth-web/package.json b/auth-web/package.json
@@ -43,7 +43,6 @@
     "vue-auto-resize": "^1.0.1",
     "vue-debounce-decorator": "^1.0.1",
     "vue-gtag": "^1.16.1",
-    "vue-hotjar": "^1.4.0",
     "vue-i18n": "8.28.2",
     "vue-i18n-composable": "^1.0.0",
     "vue-loader": "^15.9.2",
diff --git a/auth-web/src/main.ts b/auth-web/src/main.ts
@@ -4,7 +4,6 @@ import { PiniaVuePlugin, createPinia, setActivePinia } from 'pinia'
 import App from './App.vue'
 import CommonUtils from '@/util/common-util'
 import ConfigHelper from '@/util/config-helper'
-import Hotjar from 'vue-hotjar'
 import KeyCloakService from 'sbc-common-components/src/services/keycloak.services'
 import LaunchDarklyService from 'sbc-common-components/src/services/launchdarkly.services'
 // eslint-disable-next-line sort-imports
@@ -48,14 +47,6 @@ ConfigHelper.saveConfigToSessionStorage().then(async () => {
   // addressCompleteKey is for canada post address lookup, which is to be used in sbc-common-components
   (<any>window).addressCompleteKey = ConfigHelper.getAddressCompleteKey()
 
-  // initialize Hotjar
-  const hotjarId = ConfigHelper.getHotjarId();
-  (<any>window).hotJarId = hotjarId
-  if (hotjarId) {
-    console.info('Initializing Hotjar...') // eslint-disable-line no-console
-    Vue.use(Hotjar, { id: hotjarId })
-  }
-
   await syncSession()
   renderVue()
 })
diff --git a/auth-web/src/util/config-helper.ts b/auth-web/src/util/config-helper.ts
@@ -188,10 +188,6 @@ export default class ConfigHelper {
     return `${import.meta.env.VUE_APP_REGISTRY_SEARCH_URL}`
   }
 
-  static getHotjarId () {
-    return `${import.meta.env.VUE_APP_HOTJAR_ID}`
-  }
-
   static getLdClientId () {
     return `${import.meta.env.VUE_APP_AUTH_LD_CLIENT_ID}`
   }

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@`
`21`	`21`	`{ "key" : "X-XSS-Protection", "value" : "1; mode=block" },`
`22`	`22`	`{`
`23`	`23`	`"key": "Content-Security-Policy",`
`24`		- "value": "default-src 'self'; frame-src 'self' .gov.bc.ca .hotjar.com .googleapis.com https://.nr-data.net https://.newrelic.com https://.cac1.pure.cloud; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gov.bc.ca .hotjar.com .googleapis.com https://.nr-data.net https://.newrelic.com https://.cac1.pure.cloud; style-src 'self' 'unsafe-inline' .cloudflare.com .googleapis.com; font-src 'self' .gov.bc.ca .hotjar.com .cloudflare.com .googleapis.com .gstatic.com .jsdelivr.net; img-src 'self' data: .hotjar.com https://.cac1.pure.cloud; connect-src 'self' .run.app .gov.bc.ca .launchdarkly.com .hotjar.com .postescanada-canadapost.ca .sentry.io .apigee.net wss://.hotjar.com .hotjar.io https://.nr-data.net https://shyrka-prod-cac1.s3.ca-central-1.amazonaws.com https://.newrelic.com https://.cac1.pure.cloud wss://.cac1.pure.cloud; manifest-src 'self'; media-src 'self' https://.cac1.pure.cloud; object-src 'self' https://.cac1.pure.cloud; child-src 'self' https://.cac1.pure.cloud;"
	`24`	+ "value": "default-src 'self'; frame-src 'self' .gov.bc.ca .googleapis.com https://.nr-data.net https://.newrelic.com https://.cac1.pure.cloud; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gov.bc.ca .googleapis.com https://.nr-data.net https://.newrelic.com https://.cac1.pure.cloud; style-src 'self' 'unsafe-inline' .cloudflare.com .googleapis.com; font-src 'self' .gov.bc.ca .cloudflare.com .googleapis.com .gstatic.com .jsdelivr.net; img-src 'self' data: https://.cac1.pure.cloud; connect-src 'self' .run.app .gov.bc.ca .launchdarkly.com .postescanada-canadapost.ca .sentry.io .apigee.net https://.nr-data.net https://shyrka-prod-cac1.s3.ca-central-1.amazonaws.com https://.newrelic.com https://.cac1.pure.cloud wss://.cac1.pure.cloud; manifest-src 'self'; media-src 'self' https://.cac1.pure.cloud; object-src 'self' https://.cac1.pure.cloud; child-src 'self' https://*.cac1.pure.cloud;"
`25`	`25`	`},`
`26`	`26`	`{ "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate"},`
`27`	`27`	`{ "key": "Pragma", "value": "no-cache"},`
Original file line number	Diff line number	Diff line change
`@@ -188,10 +188,6 @@ export default class ConfigHelper {`
`188`	`188`	return `${import.meta.env.VUE_APP_REGISTRY_SEARCH_URL}`
`189`	`189`	`}`
`190`	`190`
`191`		`- static getHotjarId () {`
`192`		- return `${import.meta.env.VUE_APP_HOTJAR_ID}`
`193`		`- }`
`194`		`-`
`195`	`191`	`static getLdClientId () {`
`196`	`192`	return `${import.meta.env.VUE_APP_AUTH_LD_CLIENT_ID}`
`197`	`193`	`}`