In June 2024, Google Ads sent out security warnings to websites that were using third-party libraries which used Polyfill.io and blocked Google Ads on these pages.
Why did this happen?
Polyfill was a popular JavaScript open source library used to support compatibility with older browsers. The domain polyfill.io, that was hosting this package, was acquired by a new owner in Feb, 2024. After the ownership change this domain was caught injecting malware on mobile devices.
Is Algolia using Polyfill.io?
Algolia moved away from using Polyfill some time ago and it's no longer a dependency in any of the latest versions of our libraries and integrations.
What should I do if I have received this warning?
Magento Users:
If you are still using an older version of the Magento extension you can remove the Polyfill.io library by following one of the procedures below:
- Upgrade the integration to the latest version (or at least 3.13.2). For more information, follow this guide.
- Whilst upgrading is the best step to keep your application secure, if you cannot upgrade you can overwrite this script using Magento best practices. You can find more information on this here https://www.algolia.com/doc/integration/magento-2/guides/create-a-custom-extension/?client=php.
Shopify Users:
If you installed Algolia frontend libraries before 2020 through the Shopify integration, you can remove the Polyfill.io library by following one of the procedures below:
- You can remove the reference to the Polyfill.io domain from your theme. The only concern of this scenario is that Algolia won’t properly render on really old browsers, like Internet Explorer and Opera.
- You can configure your theme through App Blocks, the new way of Algolia frontend installation to your theme. Please review the following docs for further details.
BigCommerce Users:
The polyfill.io dependency was removed from our integration as of version 1.15. Updating to the latest version of the integration is the recommended action for all BigCommerce users.