Using Opt-Out iFrame twice doesn't work #15629

Closed
Findus23 opened this issue Feb 27, 2020 · 6 comments · Fixed by #15671

@Findus23
Member

Reported in https://forum.matomo.org/t/fehler-im-optout/36246 and reproduced on demo.matomo.org

Steps to reproduce:

This also works the other way around (having opt-out, enabling and then re-disabling tracking and it won't opt-out correctly)

Findus23 added the Regression label Feb 27, 2020
Findus23 added this to the 3.13.4 milestone Feb 27, 2020
@tsteur
Member

tsteur commented Feb 27, 2020

@Findus23 this works for me

@Findus23
Member Author

Very weird. I can reproduce this in a clean Firefox and Chromium profile.

@tsteur
Member

tsteur commented Feb 27, 2020

> don't reload the page and opt-in again

Missed that part. That probably never worked @Findus23 ?
That's because Matomo can't receive the cookie right away unless it did reload the frame. Could you test this with an older version if easily doable? I quite doubt this worked.

@Findus23
Member Author

> That probably never worked @Findus23 ?

Good question. With Matomo 3.6.1 it works (but there is a weird delay after clicking):

(I'm always testing in a fresh Firefox profile to make sure no old cookies survive)

  • exact same in 3.8.1
  • same in 3.10.0
  • same in 3.11.0
  • same in 3.12.0
  • same in 3.13.0
  • and starting with 3.13.1 I see the issue described above and I start seeing a warning because I just quickly created an HTTP site

> The tracking opt-out feature may not work because this site was not loaded over HTTPS. Please reload the page to check if your opt out status changed.

As this was added in #15184, I am going to guess this PR also caused the regression.

@sgiehl
Member

sgiehl commented Mar 3, 2020

I would assume the problem is a result of #14400 in combination with #15184. As there is a CSRF nonce that is evaluated, only the first request can be valid 🤷‍♂
I'm not very deep in that topic, so not sure why it uses a new window to set the cookie. But if that is required, guess the easiest solution would be to reload the opt-out frame once the window closes
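
The failure mode hypothesized in the comment above, as an added example that is not part of the thread and is not Matomo's code: a simplified model in which the opt-out frame carries a single-use nonce, so a second change sent from the same frame is rejected until the frame is reloaded. `OptOutServer`, `renderFrame`, `setOptOut` and the two toggle helpers are hypothetical names, and an in-memory flag stands in for the opt-out cookie.

```javascript
// Added illustration (assumed model, not Matomo's implementation).
const { randomBytes } = require('node:crypto');

class OptOutServer {
  constructor() {
    this.validNonces = new Set(); // nonces issued and not yet consumed
    this.optedOut = false;        // stands in for the opt-out cookie
  }

  // Rendering the iframe issues one fresh nonce embedded in that frame.
  renderFrame() {
    const nonce = randomBytes(16).toString('hex');
    this.validNonces.add(nonce);
    return { nonce, optedOut: this.optedOut };
  }

  // State-changing request: the nonce is consumed on first use,
  // so replaying it (or forging a request without it) is rejected.
  setOptOut(nonce, optedOut) {
    if (!this.validNonces.delete(nonce)) return false;
    this.optedOut = optedOut;
    return true;
  }
}

// Frame is rendered once and used for two changes: the nonce is reused.
function toggleTwiceWithoutReload(server) {
  const frame = server.renderFrame();
  const first = server.setOptOut(frame.nonce, true);
  const second = server.setOptOut(frame.nonce, false); // stale nonce
  return { first, second, optedOut: server.optedOut };
}

// Frame is reloaded after each change, so every request has a fresh nonce.
function toggleTwiceWithReload(server) {
  let frame = server.renderFrame();
  const first = server.setOptOut(frame.nonce, true);
  frame = server.renderFrame(); // reload once the window closes
  const second = server.setOptOut(frame.nonce, false);
  return { first, second, optedOut: server.optedOut };
}
```

In the first helper the second change is silently dropped and the stored state stays opted out; in the second helper both changes are accepted.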

@Findus23
Member Author

Findus23 commented Mar 3, 2020

> I'm not very deep in that topic, so not sure why it uses a new window to set the cookie.

I think it is because of #3135 and #8578
