Conversation
There was a problem hiding this comment.
Some parts that I was personally confused about:
We need to inject s4a data into user apps so it gets sent along as tracking data to Segment.
Curious, why can't the s4a outer wrapper send this data directly to segment?
hosted: s4a/s4t/localhost
How can "localhost" be chosen if streamlitTracking is only exposed on S4A/S4T?
users database id in s4a, hashed for security reasons
Note that hashing isn't an infallible way of obscuring data (but I'm expecting that this is just one of many security measures.) What happens if the user database id is exposed?
frontend/src/lib/MetricsManager.ts
Outdated
| // Use the tracking data injected by S4A if the app is hosted there | ||
| private getHostTrackingData(): Record<string, unknown> { | ||
| if ( | ||
| window.location.origin.toLowerCase().endsWith(".streamlit.io") && |
There was a problem hiding this comment.
Is there a more specific prefix for S4A that we want to use? (share.streamlit.io, s4a.streamlit.io)?
I wonder if we'd want to someday e.g. host apps on docs.streamlit.io but not want to include those in metrics; but we can also just cross that bridge when we get there.
There was a problem hiding this comment.
Will double check the specificity of the prefix..
Regarding the docs.streamlit.io example tho.. if it's just a page that has some user apps in iFrames, it would need to set a value for window.streamlitTracking so the embedded user apps tracked it. So by doing nothing, nothing's tracked.
If I didn't get your example right let me know.
The S4A wrapper will have its own separate tracking as well (mainly for things happening in the dashboard), but we also want to tag core's data with some S4A attributes. |
That's a great point. I haven't given too much thought yet to how we'll add the Technically though it shouldn't need |
Well, one case I can think of... if we have any APIs that accept a I suppose if we used auto incrementing IDs then we could be exposing a range of IDs to 3rd parties so they could try to harvest data from multiple users, given the ID of one. But yea, just adding an additional security measure. |
| expect(mm.identify.mock.calls[0][1]).toMatchObject({ | ||
| authoremail: SessionInfo.current.authorEmail, | ||
| machineIdV1: SessionInfo.current.installationIdV1, | ||
| machineIdV2: SessionInfo.current.installationIdV2, |
There was a problem hiding this comment.
It looks like machineIdV1 and machineIdV2 should still belong in this object? It doesn't look like there's any conditional statements that would now remove these? Unless you're just covering these with the additional tests down below?
There was a problem hiding this comment.
Yea just moved the check for these into the tests below to make it a bit cleaner.
frontend/src/App.tsx
Outdated
| declare global { | ||
| interface Window { | ||
| streamlitDebug: any | ||
| streamlitTracking: Record<string, unknown> |
There was a problem hiding this comment.
Can you rename this to something clearer? Like streamlitShareMetadata or something?
Because "Streamlit tracking" could mean all sorts of things...
There was a problem hiding this comment.
Renamed to streamlitShareMetadata
| private static getHostTrackingData(): Record<string, unknown> { | ||
| if (isInChildFrame() && window.parent.streamlitShareMetadata) { | ||
| return pick(window.parent.streamlitShareMetadata, [ | ||
| "hosted", |
There was a problem hiding this comment.
Nit: can we rename this to "hostType" or "hostedAt" ?
Also, this can take values "s4a", "s4t", "localhost", right? But what if the app is in, say, Heroku? Should we have "other" as a valid string too? (Or replace "localhost" with "other" if Heroku shows as localhost today?)
There was a problem hiding this comment.
Sure, renaming to hostedAt
Currently we are only assigning S4A as a value to this and there are no restrictions on the list of values we can add.
So we can add other and localhost later on when we think of a way to detect and include this data.
| "repo", | ||
| "branch", | ||
| "mainModule", | ||
| "creatorId", |
There was a problem hiding this comment.
Just checking: on the metrics side we also have access to the app's URL, right? Or is that something we need to add to streamlitShareMetadata?
There was a problem hiding this comment.
In BigQuery we have the app's URL
# By karrie (7) and others # Via GitHub * develop: Removing cache option from main menu if s4a (streamlit#2149) Fix empty deploy page (streamlit#2148) Don't wait for unit tests before starting Cypress (streamlit#2142) Fix formatting of st.file_uploader docstring (streamlit#2141) Fix broken link in 0.68 changelog (streamlit#2144) Fix useEffect warning (streamlit#2137) Add global GTM container (streamlit#2128) Allow Streamlit server to handle Range Requests (streamlit#1967) rename hosted to hostedAt (streamlit#2132) Update change log Update notices Up version to 0.68.0 Rename hosted to hostedAt in tracking data (streamlit#2132) Inject tracking data (streamlit#2110) [Feature Branch] File uploader (streamlit#2130) links for docs (streamlit#2129) Upgrade ProtobufJS and fix build script (streamlit#2118) Refresh landing page (streamlit#2116) Improve docstrings + tutorials for Layout (streamlit#2117) Better 'streamlit run' error message when no extension provided (streamlit#2115) # Conflicts: # frontend/src/components/elements/Video/Video.tsx # frontend/src/components/widgets/FileUploader/FileUploader.test.tsx # frontend/src/components/widgets/FileUploader/FileUploader.tsx # frontend/src/lib/utils.ts
4 participants
What
How
window.parent.trackingDataData to inject:
Note