Apex Code Development You need to sign in to do that
Don't have an account?
hksl Embedded Google Analytics code issue in Lightning Community
I am a beginner in building SalesForce Communities.
Dev org.
I am trying to integrate my community with Google Analytics.
So far Google Analytics does Not see my SF Community.
Could below warnings be the reason? If 'yes' - what to do about it? Many thanks.
--------------
I've created Lightning Community.
I went to Community Workspaces -> Builder -> Settings -> Advanced
and entered my "Google Analytics Tracking Code"
and entered Head Markup
<script>
.....
</script>
I am getting warning:
Check Your Head Markup
With the "Enable Stricter Content Security Policy for Lightning Components in Communities" critical update in sandbox and DE orgs, you have control over whether to enforce stricter CSP. When stricter CSP is activated, some of your existing head markup may not work correctly. Test your markup in your sandbox or DE orgs first before activating in live orgs in a future release.
For security purposes, we allow only the following tags, attributes, and values in the <head> section:
<base>: href, target
<link>: as, charset, crossorigin, disabled, href, hreflang, id, import, integrity, media, rel (only values of alternate, apple-touch-icon, apple-touch-icon-precomposed, apple-touch-startup-image, author, bookmark, external, help, icon, license, manifest, mask-icon, next, nofollow, noopener, noreferrer, pingback, prefetch, preload, prev, search, shortcut icon, stylesheet, and tag), relList, rev, sheet, sizes, target, title, type
<meta>: charset, content, http-equiv (only values of cleartype, content-type, content-language, and default-style), name, scheme
<title>: No attributes allowed
As i understand so far this warning has to do with "Stricter Content Security Policy for Lightning Components in Communities"
https://releasenotes.docs.salesforce.com/en-us/summer17/release-notes/rn_lightning_stricter_csp.htm
--------
AND warning "When activated, the Enable Stricter CSP for Lightning Components in Communities critical update might affect script tag behavior."
related to <script> tag in the Google Analytics code.
---------
"Critical Updates" page has:
Enable Stricter Content Security Policy for Lightning Components
The Lightning Component framework already uses CSP, which is a W3C standard, to control the source of content that can be loaded on a page. This critical update enables stricter Content Security Policy (CSP) to mitigate the risk of cross-site scripting attacks. Stricter CSP is enforced only in sandboxes and Developer Edition orgs.
Activated
Enable Stricter Content Security Policy for Lightning Components in Communities
This critical update enables stricter Content Security Policy (CSP) in sandboxes and Developer Edition orgs for Lightning communities only. The Lightning Component framework already uses CSP, which is a W3C standard, to control the source of content that can be loaded on a page. This update enables stricter CSP to mitigate the risk of cross-site scripting attacks.
Not Activated
---------------------------------------------
Dev org.
I am trying to integrate my community with Google Analytics.
So far Google Analytics does Not see my SF Community.
Could below warnings be the reason? If 'yes' - what to do about it? Many thanks.
--------------
I've created Lightning Community.
I went to Community Workspaces -> Builder -> Settings -> Advanced
and entered my "Google Analytics Tracking Code"
and entered Head Markup
<script>
.....
</script>
I am getting warning:
Check Your Head Markup
With the "Enable Stricter Content Security Policy for Lightning Components in Communities" critical update in sandbox and DE orgs, you have control over whether to enforce stricter CSP. When stricter CSP is activated, some of your existing head markup may not work correctly. Test your markup in your sandbox or DE orgs first before activating in live orgs in a future release.
For security purposes, we allow only the following tags, attributes, and values in the <head> section:
<base>: href, target
<link>: as, charset, crossorigin, disabled, href, hreflang, id, import, integrity, media, rel (only values of alternate, apple-touch-icon, apple-touch-icon-precomposed, apple-touch-startup-image, author, bookmark, external, help, icon, license, manifest, mask-icon, next, nofollow, noopener, noreferrer, pingback, prefetch, preload, prev, search, shortcut icon, stylesheet, and tag), relList, rev, sheet, sizes, target, title, type
<meta>: charset, content, http-equiv (only values of cleartype, content-type, content-language, and default-style), name, scheme
<title>: No attributes allowed
As i understand so far this warning has to do with "Stricter Content Security Policy for Lightning Components in Communities"
https://releasenotes.docs.salesforce.com/en-us/summer17/release-notes/rn_lightning_stricter_csp.htm
--------
AND warning "When activated, the Enable Stricter CSP for Lightning Components in Communities critical update might affect script tag behavior."
related to <script> tag in the Google Analytics code.
---------
"Critical Updates" page has:
Enable Stricter Content Security Policy for Lightning Components
The Lightning Component framework already uses CSP, which is a W3C standard, to control the source of content that can be loaded on a page. This critical update enables stricter Content Security Policy (CSP) to mitigate the risk of cross-site scripting attacks. Stricter CSP is enforced only in sandboxes and Developer Edition orgs.
Activated
Enable Stricter Content Security Policy for Lightning Components in Communities
This critical update enables stricter Content Security Policy (CSP) in sandboxes and Developer Edition orgs for Lightning communities only. The Lightning Component framework already uses CSP, which is a W3C standard, to control the source of content that can be loaded on a page. This update enables stricter CSP to mitigate the risk of cross-site scripting attacks.
Not Activated
---------------------------------------------