@tsteur opened this Issue on April 12th 2021

3rd party cookies work less and less and eventually won't be available anymore. Kind of related post: https://matomo.org/blog/2020/02/new-cookie-behaviour-in-browsers-may-cause-regressions/ . For the opt in to work we therefore need a different way and set first party cookies.

Matomo for WordPress already doesn't use the opt out iframe anymore and sets first party cookies. In On-Premise as part of https://github.com/matomo-org/matomo/issues/12767 we already added the support of postMessages to set first party cookies when possible. This however currently only works in some cases (e.g. when the tracking code is embedded on the same page and both opt out and tracking code use the same Matomo domain).

In the future ideally we show a message in the opt out iframe when it won't work because e.g. there's no tracking code on the privacy policy page. We might even want to completely remove the third party cookie part (however we'd still need to detect it when it's set and not track to not break BC and to not suddenly start tracking users that opted out previously). Maybe we could even remove the domain check and opt users out in more cases even if there is a mismatch between the opt out iframe and the tracking domain on the privacy policy page.

Or maybe we would need to offer a new way of embedding the opt out without any iframe. This would likely require loading another JS and some configuration to customise it and for Matomo to know where to place it (unless this is all stored in a JS file and the user can configure multiple different JS opt out files).

@Findus23 commented on April 13th 2021

In theory something like this might work and be user-friendly, right?

        <div id="opt-out"></div>
        <script data-id="opt-out" src="https://matomo.example/optout.js"></script>

With optout.js being a file like matomo.js that is able to read the data parameter and then use it as a target of https://developer.matomo.org/guides/tracking-javascript-guide#optional-creating-a-custom-opt-out-form to create an opt-out box that looks like the iFrame.

Only issue is maybe localisation as this might bloat the js file quite a bit.

@tsteur commented on October 21st 2021

Generally yes, @Findus23. It might not be a fixed JS file though but more of an actual request to take into account for example translations. Unless we can solve translations in JavaScript.

The current iframe opt out also has a few other options to customise colors etc.:

        style="border: 0; height: 200px; width: 600px;"

We would provide the same options for this. For example using data attributes like data-font-color="".

We also offer options to customise cookie domain, cookie same site, cookie secure, cookie path, cookie name prefix.

The rendered content should look and function otherwise the same as before. However, the cookie is set on the site that you're on and not on the Matomo instance.
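
An added example, not part of the original thread and not Matomo's code: one way a hypothetical `optout.js` could turn the cookie options listed above (domain, same site, secure, path, name prefix) into a first-party cookie string and refuse combinations the browser would silently drop. The `data-cookie-*` attribute names, the `mtm_` default prefix, the `optout` cookie name and the function name are assumptions.

```javascript
// Added illustration; attribute names and the cookie name are hypothetical, not Matomo's API.
const SAME_SITE = { lax: 'Lax', strict: 'Strict', none: 'None' };

// Build the first-party opt-out cookie from the <script> tag's data-* options.
// `dataset` mirrors HTMLScriptElement.dataset; `pageHost` is location.hostname.
function buildOptOutCookie(dataset, pageHost, optedOut) {
  const name = (dataset.cookieNamePrefix || 'mtm_') + 'optout';
  if (!/^[A-Za-z0-9_.-]+$/.test(name)) throw new Error('invalid cookie name');

  const path = dataset.cookiePath || '/';
  if (!path.startsWith('/') || /[;\s]/.test(path)) throw new Error('invalid cookie path');

  const parts = [name + '=' + (optedOut ? '1' : ''), 'Path=' + path];

  if (dataset.cookieDomain) {
    // A page can only set cookies for its own host or a parent domain of it.
    // (Browsers additionally reject public suffixes; that check is not done here.)
    const domain = dataset.cookieDomain.replace(/^\./, '').toLowerCase();
    const host = pageHost.toLowerCase();
    if (host !== domain && !host.endsWith('.' + domain)) {
      throw new Error('cookie domain does not match page host');
    }
    parts.push('Domain=' + domain);
  }

  const sameSite = SAME_SITE[(dataset.cookieSameSite || 'lax').toLowerCase()];
  if (!sameSite) throw new Error('invalid SameSite value');
  const secure = dataset.cookieSecure === 'true';
  // Browsers reject SameSite=None cookies that are not also Secure.
  if (sameSite === 'None' && !secure) throw new Error('SameSite=None requires Secure');
  parts.push('SameSite=' + sameSite);
  if (secure) parts.push('Secure');

  // Constructed lifetime: 395 days when opting out; 0 expires the cookie on opt-in.
  parts.push('Max-Age=' + (optedOut ? 34128000 : 0));
  return parts.join('; ');
}

// In a browser:
// document.cookie = buildOptOutCookie(document.currentScript.dataset, location.hostname, true);
```

Because the cookie is written by script on the embedding site, the domain check runs against that site's host rather than the Matomo instance's.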

