You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I there, while checking the protection and security when running matomo on a server.
I found the following issue:
If you install matomo under a server protected directory like :
mydomain.com/matomo/ (Htaccess protected)
If you need to track server protected pages everything is fine.
But when you try to track unprotected pages under the same server by adding the matomo JS script in your unprotected pages.
<script type="text/javascript">
var _paq = window._paq = window._paq || [];
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
var u="//www.mydomain.com/matomo/";
_paq.push(['setTrackerUrl', u+'matomo.php']);
_paq.push(['setSiteId', '1']);
var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
g.type='text/javascript'; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
})();
</script>
Then this JS code is trying to access the protected area of your server : https//www.mydomain.com/matomo/
The current way Matomo works is either :
all your pages and the matomo installation are running under a server protection (server login prompts are then expected)
all your pages and the matomo installation are running unprotected (no server login prompts expected)
all your pages are running unprotected but the matomo installation is under a server protection (then you get unexpected promts when browsing your unprotected pages)
So at the moment the way this JS code works you cannot only protect your motomo folder and track unprotected pages.
Is there any workaround this?
The text was updated successfully, but these errors were encountered:
I there, while checking the protection and security when running matomo on a server.
I found the following issue:
If you install matomo under a server protected directory like :
If you need to track server protected pages everything is fine.
But when you try to track unprotected pages under the same server by adding the matomo JS script in your unprotected pages.
Then this JS code is trying to access the protected area of your server : https//www.mydomain.com/matomo/
The current way Matomo works is either :
So at the moment the way this JS code works you cannot only protect your motomo folder and track unprotected pages.
Is there any workaround this?
The text was updated successfully, but these errors were encountered: