@katebutler opened this Pull Request on November 21st 2019 Member

Part of #14395 (allowing opt-out to work in Chrome on HTTP sites), also related to #6505

@tsteur commented on December 7th 2019 Member

@Findus23 @MichaelHeerklotz any chance you could give this PR a test as well?

@tsteur commented on December 10th 2019 Member

I was just testing the opt out. I was embedding the opt out into an html page and opted out. The third party ignore cookie was set. Then I added the tracking code to the same site. I then reloaded the page and it was suddenly saying

You are not opted out

Even though it should say

You are opted out

The problem is that it seems to only check for the first party cookie but not for the third party cookie status here:

image

This will be pretty much the behaviour for all Matomo sites as none of the visitors that previously unsubscribed would have the first party ignore cookie yet. So it is important to only show "You are not opted out" if neither the first nor the third party ignore cookie is set. If either of them is set, we assume the user is opted out.

I then opted out, and it was saying "opted out" after I clicked on it. However, when I reloaded the page, it was saying again "not opted out".

  • We should double check that the user was actually opted out before changing the status of the checkbox ideally. And if it didn't change the status, maybe we could show a message explaining the user it didn't work and to retry or to contact the website owner? Maybe could even adjust the message if the opt out is running on http? @mattab Any thoughts? It would basically not work when the site is embedded using http and the user does not have the tracking code on the same page or the opt out iframe domain does not match the tracker domain... In other cases either the first or the third party cookie should work... This message would be shown to actual visitors...
  • I noticed it was actually not changing the status because I had disableCookies in my tracking code (https://matomo.org/faq/general/faq_157/). I wonder if we need to still execute the methods forgetConsentGiven and rememberConsentGiven even when cookies are disabled? @Findus23 @mattab

Stopped testing afterwards.

@mattab commented on December 11th 2019 Member

We should double check that the user was actually opted out before changing the status of the checkbox ideally.

that'd be great.

And if it didn't change the status, maybe we could show a message explaining the user it didn't work and to retry or to contact the website owner? Maybe could even adjust the message if the opt out is running on http? @mattab Any thoughts? It would basically not work when the site is embedded using http and the user does not have the tracking code on the same page or the opt out iframe domain does not match the tracker domain...

If it's possible then be great to explain in the error message why it doesn't work eg Opt-out feature is unfortunately not working because this site is not using https and the tracking code cannot be found on this page. Please contact the website administrator for help. or Opt-out feature is unfortunately not working because this opt-out iframe domain $DOMAIN does not match the analytics service domain $DOMAIN2. Please contact the website administrator for help.

I noticed it was actually not changing the status because I had disableCookies in my tracking code (https://matomo.org/faq/general/faq_157/). I wonder if we need to still execute the methods forgetConsentGiven and rememberConsentGiven even when cookies are disabled? @Findus23 @mattab

not sure of the code details, but the idea would be that consent mechanism should be completely independant of cookies and work the same whether or not cookies are enabled in tracker.

Powered by GitHub Issue Mirror