Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is there a way to disable the request to "analytics.plasmic.app/capture" #83

Open
donalffons opened this issue May 16, 2023 · 3 comments
Open

Is there a way to disable the request to "analytics.plasmic.app/capture" #83

donalffons opened this issue May 16, 2023 · 3 comments

Comments

@donalffons
Copy link

image

I'm in the EU and had some customers here are very sensitive with requests being made to non-EU servers. Depending on who you ask, this might be a deal breaker for certain projects, as it requires the user's IP address (as well as other bits of "personal information", like user agent and operating system) to be transmitted to a server outside of the EU.

For some context: I'm having a NextJS site that is using several Plasmic Components via @plasmicapp/loader-nextjs . The request seems to be made when using the <PlasmicRootProvider /> component.
@yang
Copy link
Contributor

yang commented May 19, 2023

Thanks for the question! We do have customers in the EU, and generally we take privacy compliance seriously. The analytics that you're seeing in this case actually do not collect any personal information such as IP address, and they also do not set any cookies. Currently it is possible to opt out of this by using codegen instead of the headless api, but in the future we should expose more nobs to let you opt out of this entirely. But for now, just wanted to share some details on how it works in case it unblocks you.

@donalffons
Copy link
Author

Thanks for your reply! It's good to know that this can be avoided by using codegen (although I have enjoyed the ease of use of the headless api a lot).

The analytics that you're seeing in this case actually do not collect any personal information such as IP address

I believe the client's IP address is sent with any HTTP request and used for transmitting the response (like in the Google Fonts drama I've linked to above)?! But I'm neither a lawyer nor a network engineer.

I don't have any immediate projects where this would be a deal breaker, but it's good to know that there is a way to avoid this and that you're working on an opt-out.

@jleider
Copy link

jleider commented Jul 25, 2023
edited

I just came across this issue because this url is not included in our content security policy (CSP) and I was wondering if we could disable it from even making the request. Seems like we can't disable the request (yet?) but you can certainly block it from making the request in the browser with a CSP. You just need to be able to live with the console errors in the browser dev tools.

I should note that we pre-render and serve the majority of our pages statically with nginx. I guess we aren't using the codegen that @yang mentioned.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yang @jleider @donalffons