New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds possibility to force cookie less tracking #16592
Conversation
65701e2
to
9eafae7
Compare
d64ee4b
to
1fdfb68
Compare
Should be ready for a first review. @tsteur maybe you could have a quick look if it does what you expected. |
} | ||
|
||
if ('object' === typeof window.Matomo) { | ||
init(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note: This feature will only work correctly if the matomo.js / piwik.js
is writable. It won't 100% work when it is loaded separately and I reckon people would probably also not load it as a separate file and we would then rather rely on recommending people to call disableCookies
and ignoring any cookie server side.
To be safe we could iterate over all existing Matomo.getAsyncTrackers()
and call the setup method as well for each tracker. However, it would not work for any tracker created using getTracker()
plus at this point it might be too late for any async tracker as they might have created cookies already. That be not a big issue though, we'll make users aware of this in the setting maybe.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure. That also won't work when cookie less tracking is "forced" for a single site only. So we need to advice people to call disableCookies
nevertheless.
Actually I was thinking about having a separate piwik_no_cookies.js that maybe even does not contain any of the code that uses cookies at all. That would make it easy to ensure no cookies would be set... But would be of course cause more work to maintain both files
@sgiehl left few comments. Goes in the right direction 👍 |
@sgiehl still reviewing but one thing I noticed is that we basically would need to move this feature from General settings page to the "Privacy -> Anonymise data" settings page. Simply to have these privacy related settings in one place. Should have noticed this earlier before we made heaps of work sorry about this. Also generally noticing the If we decide to still offer the feature to disable cookies on a per site basis then we'd need to rename the measurable setting for this feature to something like "ignore cookies" because it would still set cookies in the client but only ignore them on the server side. I'm not sure there's actually much of a benefit though as users and website visitors wouldn't know this and to users it would still look like cookies are being used and they could get in trouble. It's adding more confusion then it does good. Technically, we need the possibility to disable this on a per site basis eg for #16363 . @sgiehl for now we should remove this feature from measurable settings and only have the global setting under As part of #16363 we will then think of a way to either let users configure on a per site basis that "they disabled cookies (and we disable it additionally server side)". |
5bf803d
to
6e336b1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 worked. just left some minor comments.
There's one issue left that when calling requireConsent
after the tracker has been set up, then cookies may be enabled if tracking consent has been given. That's pretty edge case though maybe. If we could prevent that, it would be great though.
6e336b1
to
dbe013f
Compare
is it enough to simply overwrite Applied the other changes. |
Actually I just realise it only disables the cookies so it's no problem as it won't enable them. Meaning we need to remove |
Feel free to merge once the change is made. Could you maybe then create a quick new FAQ for this like |
635bcf7
to
3f98a2a
Compare
@tsteur created https://matomo.org/faq/how-do-i-enforce-tracking-without-cookies/ |
globally and/or per site
fixes #16258