feat(analytics): first-party tracker via /_a (ADR-0006 Phase 2c)#43
Merged
Conversation
Switch the api.jellyrock.app footer tracker from cross-origin analytics.jellyrock.app/script.js to the same-origin /_a proxy (live since infra #27): <script defer src="/_a/script.js" data-website-id="…" data-host-url="https://api.jellyrock.app/_a"></script> Events POST to /_a/api/send → Caddy strips to umami's /api/send. Works under the current CSP (/_a/script.js is 'self'); shared CSP tightens in the final infra phase. analytics.jellyrock.app stays live as rollback (Bridge scope). Verified: jsdoc.json is valid JSON; footer embeds /_a/script.js + data-host-url with zero analytics.jellyrock.app references.
cewert
added a commit
that referenced
this pull request
May 31, 2026
…06 Phase 2c) (#44) #43 updated jsdoc.json (the config), but api-docs deploys by rsyncing the COMMITTED docs/ build artifact — it does not build on deploy — so the live site still served the cross-origin tracker. This regenerates the footer in the committed HTML to match the updated jsdoc.json. Uniform, surgical swap across all 545 generated pages: - src="https://analytics.jellyrock.app/script.js" + src="/_a/script.js" … data-host-url="https://api.jellyrock.app/_a" Identical to what `npm run build` now emits (jsdoc.json is already first-party on main), so the next code-update regeneration produces no footer diff. Events POST to /_a/api/send → Caddy strips to umami /api/send. analytics.jellyrock.app stays live as rollback (Bridge).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Phase 2c of ADR-0006. Switches the api-docs footer Umami embed from cross-origin
analytics.jellyrock.app/script.jsto the same-origin first-party proxy (/_a/script.js), live since infra #27.https://api.jellyrock.app/_a/api/send→ Caddy strips/_a→ umami/api/send./_a/script.jsis'self'. Shared CSP tightens in the final infra phase.analytics.jellyrock.appstays live as rollback (Bridge).Verification
jsdoc.jsonis valid JSON; footer embeds/_a/script.js+data-host-url, 0 legacy origin refs.analytics-health.sh --only api-docs→ first-party/ok.