feat: replace GA4 and use GTM with data-click-event

[fairlighteth]

Summary

• Removes GA4 from cow.fi and exclusively loads GTM
• Replaces existing onClick tracking with a simple data attribute data-click-event
• All onclick tracking events are removed and will be handled on GTM going forward.
• Extra: add click to copy for manual RPC on /mev-blocker

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
cosmos	✅ Ready (Inspect)	Visit Preview	Nov 27, 2024 4:12pm
cowfi	✅ Ready (Inspect)	Visit Preview	Nov 27, 2024 4:12pm
explorer-dev	✅ Ready (Inspect)	Visit Preview	Nov 27, 2024 4:12pm
swap-dev	✅ Ready (Inspect)	Visit Preview	Nov 27, 2024 4:12pm
widget-configurator	✅ Ready (Inspect)	Visit Preview	Nov 27, 2024 4:12pm

[elena-zh]

Hey @fairlighteth , not sure how to test this , so checked that GA events are not fired (like I did in n #5056 PR.

As for the Mev Blocker copy button: thanks for adding it. I've noticed that on 1280-1540px screen width the icon is shifted to another line

Also, WDYT about adding to the Block explorer URL as well? :)

[fairlighteth]

@elena-zh

As for the Mev Blocker copy button: thanks for adding it. I've noticed that on 1280-1540px screen width the icon is shifted to another line

This is because the word is not breaking (the url) otherwise you'd get something like this:

which is not ideal. So would suggest to leave as is.

Added click to copy for all elements now.

[elena-zh]

@fairlighteth , got this. Thank you for clarification, and adding copy buttons to every field :)

[anxolin]

Soft approve

Looks fine technically, but

1. How do I test this? Maybe some test instructions on using this with tag manager. Also, nice to give some extra context on why this is important
2. There's always the security concern of allowing arbitrary JS injection to the accounts controlling Tag Manager. This has been flagged as a weak security policy, as it can be easy to replace the TRADE button link with a fake UI that would drain user funds. As I'm not responsible of security, I will just limit my part to inform @fedgiac and he can decide if we can look to the other side with this one

[fedgiac]

In general I have too little context to evaluate the impact of this change: I don't know why it's needed, what alternatives were considered, and especially how this is going to be managed.

To my very limited understanding, GTM allows people to execute arbitrary code on the webpage through the GTM console (in the standard case, for tracking purposes).

The security risk of this PR by itself is little I suppose (we just trust yet more code from Google), but the problem is how this is going to be used. If I recall correctly, in the past there was a strong push from marketing for implementing and providing liberal access to this tool, which I believe is an easy-to-overlook security risk.

Again, I don't have context on how this tooling is used and I certainly don't have the knowledge needed to manage Google Tag Manager and to advise for security, but I think we should avoid adding it unless absolutely necessary.