Should be ready for a first review. @tsteur maybe you could have a quick look if it does what you expected.
Also not sure how to write some useful tests for it 🤔
@sgiehl still reviewing but one thing I noticed is that we basically would need to move this feature from General settings page to the "Privacy -> Anonymise data" settings page. Simply to have these privacy related settings in one place. Should have noticed this earlier before we made heaps of work sorry about this.
Also generally noticing the
tracker.js is actually problematic as it's currently based on a per site basis but we have only one tracker file for all sites. Meaning we can only add the tracker JS code if the feature is disabled for all sites globally.
If we decide to still offer the feature to disable cookies on a per site basis then we'd need to rename the measurable setting for this feature to something like "ignore cookies" because it would still set cookies in the client but only ignore them on the server side. I'm not sure there's actually much of a benefit though as users and website visitors wouldn't know this and to users it would still look like cookies are being used and they could get in trouble. It's adding more confusion then it does good.
Technically, we need the possibility to disable this on a per site basis eg for https://github.com/matomo-org/matomo/issues/16363 .
@sgiehl for now we should remove this feature from measurable settings and only have the global setting under
Privacy -> Anonymise Data page. Sorry for wasting time here.
As part of #16363 we will then think of a way to either let users configure on a per site basis that "they disabled cookies (and we disable it additionally server side)".
There's one issue left that when calling requireConsent after the tracker has been set up, then cookies may be enabled if tracking consent has been given. That's pretty edge case though maybe. If we could prevent that, it would be great though.
is it enough to simply overwrite
requireConsent with an empty function?
Applied the other changes.
is it enough to simply overwrite requireConsent with an empty function?
Actually I just realise it only disables the cookies so it's no problem as it won't enable them. Meaning we need to remove
Feel free to merge once the change is made. Could you maybe then create a quick new FAQ for this like
How do I enforce cookieless tracking (not sure we use cookieless tracking much could also say "disable cookies" or something). We'd need to explain that this affects all sites etc. We could link to this new FAQ from https://matomo.org/faq/general/faq_157/
and https://matomo.org/docs/privacy/ . Feel free to directly make the changes. We can also link to it from other places in the future
@tsteur created https://matomo.org/faq/how-do-i-enforce-tracking-without-cookies/
Feel free to adjust it if something needs to be improved. Also haven't yet added any links to that page.