mirror of
https://github.com/Comfy-Org/ComfyUI_frontend.git
synced 2026-06-05 20:54:56 +00:00
e4d481f893
## Summary Hardens PostHog initialization in the cloud app and website with three missing config options identified during PostHog QA audit. ## Changes - **What**: Adds `person_profiles: 'identified_only'`, `cookie_domain: '.comfy.org'`, and `before_send` PII redaction hook to both PostHog init calls - **person_profiles**: Prevents anonymous Person records being created in PostHog for pre-auth visitors — only creates Person after `identify()` is called (matches website config which already had this) - **cookie_domain**: Enables cross-subdomain session stitching across `app.comfy.org`, `docs.comfy.org`, `www.comfy.org` — without this, each subdomain creates a separate PostHog session - **before_send**: Last-line PII guard — strips `email`, `prompt`, `user_email`, `$email` from event properties before transmission. Placed after `...serverConfig` spread so it cannot be overridden by remote config. ## Review Focus - `before_send` runs before GeoIP enrichment — deliberately does NOT drop `$ip` since country-code targeting needs it for the pricing experiment - `person_profiles: 'identified_only'` + anonymous flag evaluation: PostHog confirmed this still allows flag eval via `$anon_distinct_id`; stitched retroactively on `identify()` - `serverConfig` spread is before the three new fields — these take precedence over any remote config values (intentional for security/correctness) Closes MAR-233, MAR-235, MAR-236 --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Miles <miles@comfy.org> Co-authored-by: GitHub Action <action@github.com> Co-authored-by: nav <nav@mac.lan> Co-authored-by: Miles Ryan <thedatalife@users.noreply.github.com>