Ask for confirmation before granting Anonymous user a "view" permission on any website #11703
Labels
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
c: Usability
For issues that let users achieve a defined goal more effectively or efficiently.
Enhancement
For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.
Milestone
Currently, granting "View" permission on the "anonymous" user is done without asking for permission. In one click, one may by mistake grant anyone access to view the reports for a given website.
-> In order to prevent any misclick or unexpected click, let's ask for a confirmation before granting anonymous user permission view permission on any website (via a yes/no model and a clear warning message).
Proposed message "You are about to grant the anonymous user the 'view' access to this website. This means your analytics reports and your visitors information will be publicly viewable by anyone even without a login. Are you sure you want to proceed?"
The text was updated successfully, but these errors were encountered: