Skip to content

[RUN ALL RSPEC] [RUN AS-IF-FOSS] Pseudonymization of URLs - Frontend

Axel García requested to merge 338320-pseudonymization-of-urls-frontend into master

What does this MR do?

Related to #338320 (closed) & related to Epic &6551 (closed) (with detailed discussion).

Snowplow events from the browser include the current page URL and referrer. This MR implements the replacement of identifiable data in these (group name, username, project name) with anonymized strings:

- https://gitlab.com/my-group/my-awesome-project/-/merge_requests/3/edit
+ https://gitlab.com/namespace:4/project:2/-/merge_requests/3/edit
Example payload (see url, refr)
{
   "schema":"iglu:com.snowplowanalytics.snowplow/payload_data/jsonschema/1-0-4",
   "data":[
      {
         "e":"pp",
         "url":"https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68618",
         "page":"Draft: \"Pseudonymization of URLs - Frontend\" · Merge requests · GitLab.org / GitLab · GitLab",
         "refr":"https://gitlab.com/gitlab-org/gitlab/-/issues/338320",
         "pp_mix":"0",
         "pp_max":"0",
         "pp_miy":"0",
         "pp_may":"0",
         "tv":"js-2.17.3",
         "tna":"gl",
         "aid":"gitlab",
         "p":"web",
         "tz":"America/Santiago",
         "lang":"en-US",
         "cs":"UTF-8",
         "f_pdf":"1",
         "f_qt":"0",
         "f_realp":"0",
         "f_wma":"0",
         "f_dir":"0",
         "f_fla":"0",
         "f_java":"0",
         "f_gears":"0",
         "f_ag":"0",
         "res":"...",
         "cd":"30",
         "cookie":"1",
         "eid":"...",
         "dtm":"1629780452177",
         "cx":"...",
         "vp":"...",
         "ds":"...",
         "vid":"1072",
         "sid":"...",
         "duid":"...",
         "stm":"1629780452181"
      }
   ]
}

Screencast

Pseudonymized URLs and referrer log while browsing through the site

A6dQKh78bF

How to setup and validate locally

  1. Follow the instructions in our docs to enable Snowplow locally, if you haven't done so.
  2. Turn on the mask_page_urls feature flag.
  3. Browse through the site and trigger any Snowplow event (regular page views (entering the page) and page pings (regular activity in the page) are supported as well). For example, you can go to http://127.0.0.1:3000/gitlab-org/gitlab-test/-/merge_requests and browse the MRs from there.
  4. Verify the Snowplow testing tool of your choice, no instance of gitlab-org (group/namespace) or gitlab-test (project) should be found.

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Edited by Axel García

Merge request reports