@MichaelHeerklotz opened this Pull Request on November 7th 2018 Contributor

When using the 3rd party cookie, and tracking to piwik with AJAX, the request will (must) include the 3rd party cookie (see https://github.com/matomo-org/matomo/pull/13159 ).

It is already possible to set "cors_domains[] = *" in config.ini.php to allow this.
However "The value of "*" is special in that it does not allow requests to supply credentials, meaning it does not allow HTTP authentication, client-side SSL certificates, or cookies to be sent in the cross-domain request." (see https://en.wikipedia.org/wiki/Cross-origin_resource_sharing ).

Thus this change avoids the "*" value and also adds the 'Vary: Origin' header.
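
The header logic described above, as an added example that is not part of the original pull request and not Matomo's own code. `corsHeadersFor()` and the sample origins are hypothetical, and the sketch assumes `cors_domains[]` entries are full origins (scheme and host).

```php
<?php
// Added example, not Matomo's implementation. corsHeadersFor() and the sample
// origins are hypothetical; cors_domains[] is the config.ini.php key named above.

/**
 * @param string|null $origin      Origin header of the incoming request
 * @param string[]    $corsDomains values configured as cors_domains[]
 * @return array<string,string>    response headers to send
 */
function corsHeadersFor(?string $origin, array $corsDomains): array
{
    // The response depends on Origin, so shared caches must key on it.
    $headers = ['Vary' => 'Origin'];

    // Accept only a well-formed scheme://host[:port]; \z rejects a trailing newline.
    if ($origin === null || !preg_match('#^https?://[a-z0-9.-]+(:\d{1,5})?\z#i', $origin)) {
        return $headers;
    }

    $allowed = array_map('strtolower', $corsDomains);
    $listed  = in_array(strtolower($origin), $allowed, true);
    // With "*" configured, echo the caller's origin instead of sending "*":
    // browsers refuse credentialed responses that carry the literal wildcard.
    // This lets any site send the cookie, so keep it to the tracking endpoint.
    $wildcard = in_array('*', $allowed, true);

    if ($listed || $wildcard) {
        $headers['Access-Control-Allow-Origin']      = $origin;
        $headers['Access-Control-Allow-Credentials'] = 'true';
    }
    return $headers;
}

// Constructed sample requests against an explicit allowlist.
$config = ['https://shop.example'];
foreach (['https://shop.example', 'https://other.example', 'null', null] as $o) {
    echo json_encode($o), ' => ', json_encode(corsHeadersFor($o, $config)), PHP_EOL;
}
// Same unlisted origin, but with the wildcard configured: origin is echoed back.
echo json_encode(corsHeadersFor('https://other.example', ['*'])), PHP_EOL;
```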
