Remote Script Loading in @amplitude/analytics-browser Violates Chrome Extension Manifest V3 Policies
#859
Labels
bug
Something isn't working
Comments
|
+1, I have the same issue |
|
+1, just got my extension update rejected because of this |
|
+1 |
2 similar comments
|
+1 |
|
+1 |
|
Hi, thanks for choosing Amplitude. We are working on a fix for it. For a workaround, please use a version <= 2.9.3. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue Summary
The latest version of
@amplitude/analytics-browserincludes a reference to a remotely hosted script (https://cdn.amplitude.com/libs/visual-tagging-selector-1.0.0-alpha.js.gz). This script is loaded during the operation of the library, which conflicts with Google Chrome Extension Manifest V3 policies. These policies prohibit the inclusion of any remotely hosted code to ensure the security and integrity of Chrome Extensions.Steps to Reproduce
@amplitude/analytics-browser.Expected Behavior
The
@amplitude/analytics-browserlibrary should not load any remote scripts to comply with Chrome Extension Manifest V3 policies. Instead, all required scripts should be included within the extension package.Current Workaround
Downgrading to version
2.9.2of@amplitude/analytics-browserresolves the issue as this version does not include the problematic remote script.Request
Please consider removing the remote script loading in future versions of
@amplitude/analytics-browseror providing an option to disable this behavior. This change is essential for users who need to comply with Chrome Extension security requirements.Thank you for your attention to this matter.
The text was updated successfully, but these errors were encountered: