Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set referrer policy on default img tracking code #16237

Merged
merged 2 commits into from Jul 23, 2020
Merged

Set referrer policy on default img tracking code #16237

merged 2 commits into from Jul 23, 2020

Conversation

tsteur
Copy link
Member

@tsteur tsteur commented Jul 23, 2020

fix #15845 I can reproduce this when using this script

<?php header('referrer-policy: same-origin');?>
<html>
<head>

</head><body>
<img src="//YOURDOMAIN.com/matomo.php?idsite=1&rec=1" referrerpolicy="no-referrer-when-downgrade" style="border:0;" alt="" />
</body>
</html>

This scripts need to be placed on a different domain than the Matomo domain. Without the referrerpolicy, the tracking quest would not include any information and track a request without any page URL. With the attribute, it tracks the request and includes the referrer.

The downgrade part shouldn't be any issue because should a website be HTTPS, and Matomo HTTP, then the request would likely not be executed anyway. For more information see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy

image

@tsteur tsteur added not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org. Needs Review PRs that need a code review labels Jul 23, 2020
@tsteur tsteur added this to the 4.0.0 RC milestone Jul 23, 2020
@diosmosis diosmosis merged commit 817c48d into 4.x-dev Jul 23, 2020
@diosmosis diosmosis deleted the m15845 branch July 23, 2020 03:58
@imrejonk
Copy link

@tsteur Looks good, great to see that you picked this up! Hopefully it will prevent webmasters some headaches :)

@tsteur
Copy link
Member Author

tsteur commented Jul 23, 2020

@imrejonk thanks for mentioning it and providing the solution 👍 that made it easy

@mattab mattab modified the milestones: 4.0.0-RC, 4.0.0 Sep 28, 2020
@pbb72 pbb72 mentioned this pull request Mar 1, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Needs Review PRs that need a code review not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org.
Projects
None yet
Milestone
4.0.0
Development

Successfully merging this pull request may close these issues.

Tracking of visitors without JavaScript (image beacon) does not work with strict referrer-policy
4 participants
@tsteur @imrejonk @diosmosis @mattab