@tsteur opened this Pull Request on July 23rd 2020 Member

fix https://github.com/matomo-org/matomo/issues/15845

I can reproduce this when using this script:

<?php header('referrer-policy: same-origin');?>
<html>
<head>

</head><body>
<img src="//YOURDOMAIN.com/matomo.php?idsite=1&rec=1" referrerpolicy="no-referrer-when-downgrade" style="border:0;" alt="" />
</body>
</html>

This script needs to be placed on a different domain than the Matomo domain. Without the referrerpolicy, the tracking request would not include any information and track a request without any page URL. With the attribute, it tracks the request and includes the referrer.

The downgrade part shouldn't be any issue because should a website be HTTPS, and Matomo HTTP, then the request would likely not be executed anyway. For more information see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
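Added example, not part of the original pull request or Matomo's code: a simplified JavaScript model of the Referrer-Policy rules, covering all policy values rather than only the two in the reproduction script, showing what a cross-origin tracking request carries with and without the `referrerpolicy` attribute. The function names and URLs are constructed for illustration, and only `https:` is treated as a trustworthy scheme.

```javascript
// Simplified model of the Referrer-Policy algorithm (W3C Referrer Policy spec).
// Assumption: only https: counts as "trustworthy" (localhost etc. are ignored).
const secure = (u) => u.protocol === "https:";

// Full referrer has credentials and fragment stripped; origin-only is "scheme://host/".
function strip(u, originOnly) {
  if (originOnly) return u.origin + "/";
  const c = new URL(u.href);
  c.username = ""; c.password = ""; c.hash = "";
  return c.href;
}

// An element's referrerpolicy attribute, when non-empty, overrides the page's
// header policy. With neither set, fall back to the current spec default.
function effectivePolicy(headerPolicy, attrPolicy) {
  return attrPolicy || headerPolicy || "strict-origin-when-cross-origin";
}

// Returns the Referer value that would be sent, or null when it is omitted.
function referrerFor(policy, pageUrl, requestUrl) {
  const page = new URL(pageUrl), req = new URL(requestUrl);
  const sameOrigin = page.origin === req.origin;
  const downgrade = secure(page) && !secure(req);
  switch (policy) {
    case "no-referrer": return null;
    case "unsafe-url": return strip(page, false);
    case "origin": return strip(page, true);
    case "same-origin": return sameOrigin ? strip(page, false) : null;
    case "origin-when-cross-origin": return strip(page, !sameOrigin);
    case "strict-origin": return downgrade ? null : strip(page, true);
    case "no-referrer-when-downgrade": return downgrade ? null : strip(page, false);
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return strip(page, false);
      return downgrade ? null : strip(page, true);
    default: throw new Error("unknown policy: " + policy);
  }
}

// Constructed sample URLs (not taken from the pull request).
const PAGE = "https://shop.example/cart?step=2#pay";
const TRACKER = "https://matomo.example/matomo.php?idsite=1&rec=1";
// Page sends "referrer-policy: same-origin"; image has no attribute.
const headerOnly = referrerFor(effectivePolicy("same-origin", ""), PAGE, TRACKER);
// Same page, image carries referrerpolicy="no-referrer-when-downgrade".
const withAttr = referrerFor(
  effectivePolicy("same-origin", "no-referrer-when-downgrade"), PAGE, TRACKER);
console.log({ headerOnly, withAttr });
```

The full page URL, including its query string, reaches the tracking endpoint once the attribute is set, so any sensitive parameters in page URLs are sent along with it.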


@imrejonk commented on July 23rd 2020

@tsteur Looks good, great to see that you picked this up! Hopefully it will prevent webmasters some headaches :)

@tsteur commented on July 23rd 2020 Member

@imrejonk thanks for mentioning it and providing the solution 👍 that made it easy

This Pull Request was closed on July 23rd 2020