The default method for determining which protocol to access google-analytics.com via javascript should be altered. That is,

<script type="text/javascript">
<!--//--><![CDATA[//><!--
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
//--><!]]>
</script>

should be replaced with a PHP method to detect a secure/non-secure connection.

The reason for this is that the document.write method is not a supported feature of XHTML and as such is invalid in an XHTML strict doctype.
See http://groups.google.com/group/analytics-help-troubleshoot/msg/e712ab273... for a more formal explanation.

One way of accomplishing the same via PHP is the following method:

$gaJsHost = ($_SERVER['HTTPS'] == 'on') ? 'https://ssl.' : 'http://www.';
print '<script type="text/javascript" src="'.$gaJsHost.'google-analytics.com/ga.js"></script>';

This will ensure that the module works properly on any template system regardless of doctype.

This is my first issue ticket so I apologize if I did not provide enough documentation or didn't follow specific guidelines. Please be gentle.

Comments

hass’s picture

hass commented
Status: Active » Closed (works as designed)

This is incorrect! CDATA makes sure it is compliant. Detecting HTTPS on PHP level is not save for web accelerators / loadbalancers.

<!--//--><![CDATA[//><!--

//--><!]]>
hass’s picture

hass commented
Category: bug » support
Status: Closed (works as designed) » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.