@dcoder2099 opened this Issue on August 19th 2020

Expected Behavior:

Clicking on the visitor id of the Visitor Profile Popup should open the Visitor Profile in a separate window, when the Visitor Profile Popup is rendered as a widget that includes a token_auth query string parameter.

Actual Behavior:

Cicking on the visitor id of the Visitor Profile Popup opens the Sign In screen in a separate window and there is no token_auth in the query string.

Details:

I am embedding the visit log as a widget in an external site that uses token_auth to render the widget in an embedded iframe.

The widget renders fine.

If you click the "View visitor profile" link on any of the visits, the Visitor Profile Popup renders fine.

On the Visitor Profile Popup, if you click on the visitor id, the target of that anchor tag is "_blank" and that opens to the sign-in screen, as the token_auth is not included in the link. If the token_auth is manually added to that link, the profile renders as expected.

The link in plugins/Live/templates/getVisitorProfilePopup.twig is built in .../Live/Controller.php in the setWidgetizedVisitorProfileUrl($view) function. It does not include the token_auth parameter that is included in the iframe's src url.

That's as far as I've gotten as I'm not very familiar with php and twig.

@tsteur commented on August 19th 2020 Member

Thanks for creating the issue @dcoder2099 It should indeed forward the set token so the link actually works.

internal note: might need to see if we can find a general solution for this maybe even? Although might be hard... just in case we have this problem also in other widgets.

@dcoder2099 commented on August 19th 2020

just in case we have this problem also in other widgets.

FWIW, I ran into a similar problem with the commercial "Heatmaps and Session Recordings" plugin and submitted a patch to Innocraft, which they merged into the plugin (not sure if they cleaned it up or not).

So, it's definitely a "this can happen in other plugins" (FOSS or commercial).

I was actually expecting that Url::getCurrentQueryString() should include the token_auth parameter that is in my iframe/widget url, but I guess that gets chopped out by the authentication subsystem (that's totally a guess; I haven't gotten my local environment rigged up to do anything more than browse the source, let alone attempt to run it).

@tsteur commented on August 19th 2020 Member
Powered by GitHub Issue Mirror