New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Append token_auth to sparkline urls for embedded widgets #13963
Conversation
if (token_auth.length) { | ||
urlParams.token_auth = token_auth; | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess this means the token will become stored in the browser cache? I guess it can't be avoided in this case, but would it be a bit better if we only added it if in the widgetized iframe? So if someone adds the token auth to a URL when not in a widgetized whatever, it won't get added to every sparkline URL.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually I copied that from here:
https://github.com/matomo-org/matomo/blob/3.x-dev/plugins/CoreHome/javascripts/sparkline.js#L31-L35
But guess makes sense to replace both places and check if module
parameter is Widgetize
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 makes sense to me
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested locally and noticed the token_auth is always added to the sparklines when token_auth is in the URL due to https://github.com/matomo-org/matomo/blob/3.x-dev/plugins/CoreVisualizations/Visualizations/Sparklines/Config.php#L339. Doesn't affect the single metric view widget since that is done client side. Not sure if it's worth changing this.
Otherwise works well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't think it's worth. Won't be as easy to check if token_auth is required or not.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The JavaScript would add it back if it's required, right?
fixes #13625