@sgiehl opened this Pull Request on October 19th 2020 Member

globally and/or per site

fixes #16258

@sgiehl commented on October 20th 2020 Member

Should be ready for a first review. @tsteur maybe you could have a quick look if it does what you expected.
Also not sure how to write some useful tests for it 🤔

@tsteur commented on October 21st 2020 Member

@sgiehl left a few comments. Goes in the right direction 👍

@tsteur commented on October 23rd 2020 Member

@sgiehl still reviewing but one thing I noticed is that we basically would need to move this feature from the General settings page to the "Privacy -> Anonymise data" settings page. Simply to have these privacy-related settings in one place. Should have noticed this earlier before we made heaps of work, sorry about this.

Also generally noticing the tracker.js is actually problematic as it's currently based on a per site basis but we have only one tracker file for all sites. Meaning we can only add the tracker JS code if the feature is disabled for all sites globally.

see https://github.com/matomo-org/matomo/pull/16592/files#diff-9b9b9954067544c5b06d2d3bf22a15d59cc911577001e57d7fa06e7218339250R751

If we decide to still offer the feature to disable cookies on a per site basis then we'd need to rename the measurable setting for this feature to something like "ignore cookies" because it would still set cookies in the client but only ignore them on the server side. I'm not sure there's actually much of a benefit though as users and website visitors wouldn't know this and to users it would still look like cookies are being used and they could get in trouble. It's adding more confusion than it does good.

Technically, we need the possibility to disable this on a per site basis, e.g. for https://github.com/matomo-org/matomo/issues/16363 .

@sgiehl for now we should remove this feature from measurable settings and only have the global setting under Privacy -> Anonymise Data page. Sorry for wasting time here.

As part of #16363 we will then think of a way to either let users configure on a per site basis that "they disabled cookies (and we disable it additionally server side)".

@sgiehl commented on October 26th 2020 Member

There's one issue left that when calling requireConsent after the tracker has been set up, then cookies may be enabled if tracking consent has been given. That's pretty edge case though maybe. If we could prevent that, it would be great though.

Is it enough to simply overwrite requireConsent with an empty function?

Applied the other changes.

@tsteur commented on October 26th 2020 Member

> Is it enough to simply overwrite requireConsent with an empty function?

Actually I just realise it only disables the cookies so it's no problem as it won't enable them. Meaning we need to remove tracker.requireConsent=function(){}; again.

@tsteur commented on October 26th 2020 Member

Feel free to merge once the change is made. Could you maybe then create a quick new FAQ for this like "How do I enforce cookieless tracking" (not sure we use cookieless tracking much, could also say "disable cookies" or something). We'd need to explain that this affects all sites etc. We could link to this new FAQ from https://matomo.org/faq/general/faq_157/ and https://matomo.org/docs/privacy/ . Feel free to directly make the changes. We can also link to it from other places in the future.

@sgiehl commented on October 27th 2020 Member

@tsteur created https://matomo.org/faq/how-do-i-enforce-tracking-without-cookies/
Feel free to adjust it if something needs to be improved. Also haven't yet added any links to that page.

This Pull Request was closed on October 27th 2020