diff --git a/src/analytics/PosthogAnalytics.test.ts b/src/analytics/PosthogAnalytics.test.ts
index 49af5eae9..096021c7f 100644
--- a/src/analytics/PosthogAnalytics.test.ts
+++ b/src/analytics/PosthogAnalytics.test.ts
@@ -14,6 +14,7 @@ import {
 beforeAll,
 afterAll,
 } from "vitest";
+import posthog, { type Properties } from "posthog-js";
 import { PosthogAnalytics } from "./PosthogAnalytics";
 import { mockConfig } from "../utils/test";
@@ -88,4 +89,45 @@ describe("PosthogAnalytics", () => {
 expect(PosthogAnalytics.instance.isEnabled()).toBe(true);
 });
 });
+
+ describe("sanitizeProperties", () => {
+ beforeAll(() => {
+ vi.stubEnv("VITE_PACKAGE", "full");
+ });
+
+ beforeEach(() => {
+ mockConfig({
+ posthog: {
+ api_host: "https://api.example.com.localhost",
+ api_key: "api_key",
+ },
+ });
+ PosthogAnalytics.resetInstance();
+ });
+
+ afterAll(() => {
+ vi.unstubAllEnvs();
+ });
+
+ it("drops $initial_person_info from event properties", () => {
+ const initSpy = vi.spyOn(posthog, "init");
+ expect(PosthogAnalytics.instance.isEnabled()).toBe(true);
+
+ const sanitize = initSpy.mock.calls[0][1]?.sanitize_properties;
+ expect(sanitize).toBeDefined();
+
+ const sanitized = sanitize!(
+ {
+ $current_url: "https://call.example.com/some/private/path",
+ $initial_person_info: {
+ r: "https://example.com/referrer",
+ u: "https://call.example.com/some/private/path",
+ },
+ } as Properties,
+ "anyEvent",
+ );
+
+ expect(sanitized).not.toHaveProperty("$initial_person_info");
+ });
+ });
 });
diff --git a/src/analytics/PosthogAnalytics.ts b/src/analytics/PosthogAnalytics.ts
index 6ec8f8c76..0ec67019d 100644
--- a/src/analytics/PosthogAnalytics.ts
+++ b/src/analytics/PosthogAnalytics.ts
@@ -173,6 +173,9 @@ export class PosthogAnalytics {
 .slice(0, 3)
 .join("");
+ // drop $initial_person_info for increased privacy.
+ delete properties["$initial_person_info"];
+
 return properties;
 };
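Review bot: The new `it("drops $initial_person_info from event properties")` case asserts only that one key is absent, so it would still pass if the sanitizer returned an empty object or left the private path in another field; the fixture sets `$current_url` to the same private URL but never checks it. If the existing sanitizer is meant to redact `$current_url` as well (not visible in this diff), add `expect(JSON.stringify(sanitized)).not.toContain("/some/private/path");`; otherwise assert that `$current_url` is still present, so the test pins that unrelated properties survive. The spy from `vi.spyOn(posthog, "init")` is also never restored, so `initSpy.mock.calls[0]` may stop pointing at this test's call once a second test is added to the `describe`; ending the test with `initSpy.mockRestore();` avoids that.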
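Review bot: The added comment `// drop $initial_person_info for increased privacy.` does not say what the property holds. Judging by the test fixture it carries the first-seen URL (`u`) and referrer (`r`), so something like `// $initial_person_info holds the unredacted first-seen URL and referrer; never send it.` would tell the next maintainer why the delete must stay. Removing one named key is a denylist, so it is worth confirming that the same values do not also leave the client as derived person properties such as `$initial_current_url` or `$initial_referrer`, which this hunk does not cover. The enclosing sanitizer function starts above the hunk, so whether it already handles those is not visible here.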