Widget access always only works with view access not respecting new config setting #16869
Labels
Regression
Indicates a feature used to work in a certain way but it no longer does even though it should.
Milestone
I think https://github.com/matomo-org/matomo/blob/4.0.3/plugins/Widgetize/Controller.php#L36-L39 is not respecting the
enable_framed_allow_write_admin_token_auth
setting @diosmosis ?It should be maybe also using https://github.com/matomo-org/matomo/blob/4.0.3/core/API/Request.php#L461 when token_auth is not empty?
Technically, I think that code is not even needed in Widgetized controller as it's already done in Frontcontroller but it be generally maybe still good to simply call that existing method also (unless there's some reason not to call that method). Just to be sure it'll be executed in widgetized action no matter how it is executed.
I didn't actually test it. Only saw the code and it looks like this will be causing issues.
The text was updated successfully, but these errors were encountered: