Merge branch 'master' into DOC-173_google-coud-storage-link

markzegarelli · web-flow · commit 1f701aa59587 · 2021-05-25T20:25:22.000-07:00
diff --git a/src/connections/sources/catalog/libraries/website/javascript/index.md b/src/connections/sources/catalog/libraries/website/javascript/index.md
@@ -698,3 +698,33 @@ Analytics.js uses `localstorage` cookies if you have retries enabled, to keep tr
 For more information, visit the [Segment localstorage-retry library](https://github.com/segmentio/localstorage-retry).
 
 You can set the `debug` cookie to `analytics.js` to log debug messages from Analytics.js to the console.
+
+## Open source libraries
+
+Analytics.js 2.0 includes the following open source components:
+
+**uuid v2.0.0** ([https://github.com/lukeed/uuid](https://github.com/lukeed/uuid))
+Copyright Luke Edwards <[luke.edwards05@gmail.com](mailto:luke.edwards05@gmail.com)> ([lukeed.com](https://lukeed.com/))
+License: MIT License, available here: [https://github.com/lukeed/uuid/blob/master/license](https://github.com/lukeed/uuid/blob/master/license)
+
+**component-url v0.2.1** ([https://github.com/component/url](https://github.com/component/url))
+Copyright (c) 2014 Component 
+License: MIT License, available here: [https://github.com/component/url/blob/master/Readme.md](https://github.com/component/url/blob/master/Readme.md)
+
+**dset v2.0.1** ([https://github.com/lukeed/dset](https://github.com/lukeed/dset))
+Copyright (c) Luke Edwards <[luke.edwards05@gmail.com](mailto:luke.edwards05@gmail.com)> ([lukeed.com](https://lukeed.com/))
+License: MIT License, available here: [https://github.com/lukeed/dset/blob/master/license](https://github.com/lukeed/dset/blob/master/license)
+
+**js-cookie v2.2.1**
+Copyright (c) 2018 Copyright 2018 Klaus Hartl, Fagner Brack, GitHub Contributors
+ 	License: MIT License, available here: [https://github.com/js-cookie/js-cookie/blob/master/LICENSE](https://github.com/js-cookie/js-cookie/blob/master/LICENSE)
+
+**md5 v2.3.0** ([https://github.com/pvorb/node-md5](https://github.com/pvorb/node-md5))
+Copyright (c) 2011-2012, Paul Vorbach.
+Copyright (c) 2009, Jeff Mott.
+License: BSD-3-Clause “New” or “Revised” License, available at: 
+[https://github.com/pvorb/node-md5/blob/master/LICENSE](https://github.com/pvorb/node-md5/blob/master/LICENSE)
+
+**unfetch v4.1.0** ([https://github.com/developit/unfetch](https://github.com/developit/unfetch))
+Copyright (c) 2017 Jason Miller
+License: MIT License, available at: [https://github.com/developit/unfetch/blob/master/LICENSE.md](https://github.com/developit/unfetch/blob/master/LICENSE.md)
diff --git a/src/connections/sources/catalog/libraries/website/javascript/upgrade-to-ajs2.md b/src/connections/sources/catalog/libraries/website/javascript/upgrade-to-ajs2.md
@@ -31,4 +31,19 @@ Analytics.js sources will upgrade to Analytics.js 2.0 on the date below, accordi
 
 ## Revert to Analytics.js Classic
 
-Once a source moves to Analytics.js 2.0, you can follow the steps above in [Manual migration](#manual-migration) back to  roll back to Analytics.js Classic.
+Once a source moves to Analytics.js 2.0, you can follow the steps above in [Manual migration](#manual-migration) back to  roll back to Analytics.js Classic.
+
+## Cases that require additional intervention
+
+There are two cases where upgrading to Analytics.js 2.0 requires manual effort beyond enabling the Analytics.js 2.0 toggle.
+
+### When using in-domain instrumentation CDN aliasing
+
+If the source you intend to upgrade uses the in-domain instrumentation as well as a custom "Alias for analytics.js", then you should update the AJS snippet to the latest version (4.13.2 or higher) before you toggle on Analytics.js 2.0. 
+
+### When using a strict content security policy on the page 
+
+Analytics.js 2.0 asynchronously loads different pieces of the library as needed. If the source you're upgrading uses a strict Content Security Policy (CSP) that allows Javascript to be downloaded from specific locations, then you need to update the CSP to account for all the pieces used for Analytics.js 2.0. Therefore, beyond allowing the main analytics.min.js script, you should allow the following paths in your CSP: 
+- `https://cdn.segment.com/v1/projects/<WRITE_KEY>/settings`
+- `https://cdn.segment.com/analytics-next/bundles/*` 
+- `https://cdn.segment.com/next-integrations/integrations/*`
