External script loading triggers Chrome Web Store rejection

[kyranjamie]

Our team @leather-io authors a Web Extension released to the Chrome Web Store. Our extension publish has seen a rejection owning to Segment's use of external script loading.

As part of the Manifest v3 update, extensions are not allowed to remotely load code. This is a complete blocker for all MV3 extensions that use Segment.

In 2023, I opened an MV3 issues before regarding better support for services workers, which has so far not been prioritised by Segment #907

Rejection email

Offending code here

analytics-next/packages/browser/src/lib/parse-cdn.ts

Lines 64 to 87 in 4e0cb63

	export function getLegacyAJSPath(): string {
	const writeKey = embeddedWriteKey() ?? getGlobalAnalytics()?._writeKey
	const scripts = Array.prototype.slice.call(
	document.querySelectorAll('script')
	)
	let path: string | undefined = undefined
	for (const s of scripts) {
	const src = s.getAttribute('src') ?? ''
	const result = analyticsScriptRegex.exec(src)
	if (result && result[1]) {
	path = src
	break
	}
	}
	if (path) {
	return path.replace('analytics.min.js', 'analytics.classic.js')
	}
	return `https://cdn.segment.com/analytics.js/v1/${writeKey}/analytics.classic.js`
	}

The only way we've managed to fix this so far, is by using our bundler to override this fn with the remote injection code overridden.

[silesky]

@kyranjamie -- If that's the only blocker, feel free to create a PR to remove this fallback. analytics.classic.js has been EoL'd for well over a year, and it seems reasonable to remove it. (Of course, analytics.js is, by nature, a remote destination-loader...)

In 2023, I opened an MV3 issues before regarding better support for services workers, which has so far not been prioritised by Segment #907

I'm sympathetic, but unfortunately, I don't have control over the prioritization. I would love to support chrome extensions/service workers etc, but I am split between so many things it’s almost like I’m supporting analytics.js as a side project, so significant feature development has been on hold. Hopefully will have help soon. The only workaround I can offer is: use the @segment/analytics-node library with flushAt: 1 if you just need a simple client, don't need destinations, and can manage UserID yourself. It's designed to run in a browser context, and is basically like using the raw HTTP API.

Escalating tickets through support can sometimes influence the roadmap, particularly if you are a high-tier customer.