Do not force api session usage for widgetized views #16875
Conversation
sgiehl
added
not-in-changelog
| @@ -49,7 +49,8 @@ var hasBlockedContent = false; | |||
| function withTokenInUrl() | |||
| { | |||
| postParams['token_auth'] = piwik.token_auth; | |||
| postParams['force_api_session'] = '1'; | |||
| // When viewing a widgetized report there won't be any session that can be used, so don't force session usage | |||
| postParams['force_api_session'] = (piwik.broadcast.getValueFromUrl('module') !== 'Widgetize') ? 1 : 0; | |||
There was a problem hiding this comment.
@sgiehl wouldn't we need to look if force_api_session is present in the original URL or not or something? Like it would mean you can't use the widgetized api with the session API token. Not sure if we do use this somewhere or not in the UI or somewhere?
There was a problem hiding this comment.
Guess makes sense to check that. will change that
There was a problem hiding this comment.
@tsteur updated the code so it respects if force_api_session was already set. I'm not able to test the changes right now. Feel free to do that if needed otherwise I'll do that tomorrow
|
Worked for me generally. However, the visitor map UI tests are now failing. And when I'm on the widgetized page then I always get an error "failed to login"
I'll push a fix for this and will quickly look into visitor map issue. Generally I think there might be still an issue though in general if someone was to embed any non widget action using a regular token auth? |
|
I'm expecting the tests to pass and will likely merge to have it fixed for widgets. I'll add a comment to the original issue to next check it what happens when embedding other actions directly if there is any issue (such as Goals.manageGoals) or the entire UI etc |
Description:
refs #16867
Review