phpjavascriptgoogle-analyticssame-origin-policy

How does google analytics avoid same origin policy?


I had an idea for a project involving a Javascript terminal utilising a specified PHP script as a server to carry out remote functions. I understand that the same origin policy would be an obstacle with such a project, but looking at google analytics, which I use every day, it seems they have a way of avoiding the problem on a huge scale.


Solution

  • Google Analytics, Google AdWords and practically all other analytics/web-marketing platforms use <img> tags.

    They load their JS programs, those programs handle whatever tracking you put on the page, then they create an image and set the source of the image to be equal to whatever their server's domain is, plus add all of your tracking information to the query string.

    The crux is that it doesn't matter how it gets there:
    the server is only concerned about the data which is inside of the URL being called, and the client is only concerned about making a call to a specific URL, and not in getting any return value.
    Thus, somebody chose <img> years and years ago, and companies have been using it ever since.