@Findus23 opened this Issue on February 27th 2020 Member

Reported in https://forum.matomo.org/t/fehler-im-optout/36246 and reproduced on demo.matomo.org

Steps to reproduce:

This also works the other way around (having opt-out, enabling and then re-disabling tracking and it won't opt-out correctly)

@tsteur commented on February 27th 2020 Member

@Findus23 this works for me

@Findus23 commented on February 27th 2020 Member

Very weird. I can reproduce this in a clean firefox and chromium profile.
testcase

@tsteur commented on February 27th 2020 Member

don't reload the page and opt-in again

Missed that part. That probably never worked @Findus23 ?
That's because Matomo can't receive the cookie right away unless it did reload the frame. Could you test this with an older version if easily doable? I quite doubt this worked.

@Findus23 commented on February 28th 2020 Member

That probably never worked @Findus23 ?

Good question. With Matomo 3.6.1 it works (but there is a weird delay after clicking):
test

(I'm always testing in a fresh Firefox profile to make sure no old cookies survive)

  • exact same in 3.8.1
  • same in 3.10.0
  • same in 3.11.0
  • same in 3.12.0
  • same in 3.13.0
  • and starting with 3.13.1 I see the issue described above and I start seeing a warning because I just quickly created a HTTP site

    The tracking opt-out feature may not work because this site was not loaded over HTTPS. Please reload the page to check if your opt out status changed.

As this was added in https://github.com/matomo-org/matomo/pull/15184, I am going to guess this PR also caused the regression.

@sgiehl commented on March 3rd 2020 Member

I would assume the problem is a result of #14400 in combination with #15184. As there is a CSRF nonce that is evaluated only the first request can be valid 🤷‍♂
I'm not very deep in that topic, so not sure why it uses a new window to set the cookie. But if that is required, guess the easiest solution would be to reload the opt-out frame once the window closes

@Findus23 commented on March 3rd 2020 Member

I'm not very deep in that topic, so not sure why it uses a new window to set the cookie.

I think it is because of #3135 and #8578

This Issue was closed on March 6th 2020
Powered by GitHub Issue Mirror