Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

System check: don't display warning when piwik.js is not writable as long as no plugin need it #10855

Closed
mattab opened this issue Nov 12, 2016 · 1 comment
Closed

System check: don't display warning when piwik.js is not writable as long as no plugin need it #10855

mattab opened this issue Nov 12, 2016 · 1 comment
Labels
c: Platform For Matomo platform changes that aren't impacting any of our APIs but improve the core itself. c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. c: Usability For issues that let users achieve a defined goal more effectively or efficiently. wontfix If you can reproduce this issue, please reopen the issue or create a new one describing it.
Milestone
Backlog (Help wan...

Comments

@mattab
Copy link
Member

mattab commented Nov 12, 2016
edited

Currently the system check issues a warning when the piwik.js file is not writable.

The feature of editing piwik.js file to add custom JS code is very useful for providing advanced JavaScript integrations such as was done for Media Analytics and AB Testing.

On the other hand:

  • for most users at the moment, the piwik.js does not need to be writable as all core features are included in the file already.
  • as a best practise for optimal security, or in some particular deploy scenario, one simply cannot make the file writable...

So because of these two points I propose that we could:

  • Don't Warn in system check but instead display an info (as long as no plugin requires to hook into the piwik.js. if a plugin requires piwik.js then, display warn)
  • Change the message eg. replace In the future even some core features might not work as expected. by In the future, some of your plugins might not work as expected. or so

Reported in #10706
@mattab mattab added this to the 3.0.0 milestone Nov 12, 2016
@mattab mattab added c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. c: Platform For Matomo platform changes that aren't impacting any of our APIs but improve the core itself. c: Usability For issues that let users achieve a defined goal more effectively or efficiently. labels Nov 12, 2016
@mattab mattab mentioned this issue Nov 12, 2016
Closed
@tsteur
Copy link
Member

tsteur commented Nov 12, 2016

We should still warn because we eventually would like to refactor all plugins and make more use of it. Otherwise people will never make it writable. Also it is only a warning, not an error so people can ignore it if they choose so. It will save us a lot of pain over time when it is a warning and when people do make it writable.

@mattab mattab closed this as completed Dec 6, 2016
@mattab mattab added the wontfix If you can reproduce this issue, please reopen the issue or create a new one describing it. label Dec 6, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
c: Platform For Matomo platform changes that aren't impacting any of our APIs but improve the core itself. c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. c: Usability For issues that let users achieve a defined goal more effectively or efficiently. wontfix If you can reproduce this issue, please reopen the issue or create a new one describing it.
Projects
None yet
Milestone
Backlog (Help wanted)
Development

No branches or pull requests
2 participants
@tsteur @mattab