New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JS Tracking code may generate "The operation is insecure" warnings with specific Firefox settings #17454
Comments
Hi @brainfoolong, I have a couple questions:
Also, I'm not completely up to speed on the discussion around this issue, so forgive me if this is obvious, but what's the impact of this bug? Does nothing track because of it or is it just an error in the console? |
Hi, just the try to use This code from matomo does not run on firefox in this case because of this exception, but i don't know what it exactly does. IMHO, i don't see why matomo try to hook into existing service workers. I read it is for offline tracking but cannot find any relevant code for this, as "matomoSync" does only exist once in the matomo code. |
Hi @brainfoolong, can you check if |
@diosmosis No it does not, but it does not help in this case, at it returns |
That's unfortunate. Thanks for checking. |
And another note: You can catch this error, but cannot make the error go away. I've tried 3 different methods:
|
Looks like there's a bug in the firefox tracker for this: https://bugzilla.mozilla.org/show_bug.cgi?id=1413615 If it's possible to detect when that privacy feature is enabled we could avoid the error. Failing that it could be conditionally enabled/disabled in the tracker. |
Yes, maybe. But, this issues are years old and nobody cares about... Maybe it could be an option in matomo, to prevent offline tracking and so to prevent the use of service worker hooks? But my question really is, what does this part of the code? I cant see any use of this, as the registered "matomoSync" does no seem to be used anywhere else. Also, the use for I know, it is not really a matomo error, but matomo does generate those errors and i don't see that firefox will fix this anywhere soon. |
That comment was just to provide information from my research. Unfortunately, I don't know what this code is for as I wasn't involved in writing or reviewing it, but @tsteur might be able to answer why it's there. |
The part it interacts with is the service worker in https://github.com/matomo-org/matomo/blob/4.x-dev/offline-service-worker.js matomo/offline-service-worker.js Lines 117 to 121 in 086874b
The documentation is just the description of #15970 and https://matomo.org/faq/how-to/how-do-i-set-up-matomo-offline-tracking/ for now. |
@Findus23 Thx for clearing this up. This is indeed good to know, as we firewalled our matomo instance and only pass matomo.js and matomo.php through, so this wouldn't even work for us. Beside that, i think using a highly experimental feature, the |
We get similar errors. However, not only in Firefox but also in Safari (iOS and MacOS). |
I'll move this into the current 4.3 milestone so we can investigate further. |
Hi @brainfoolong and @felix-berlin, I have just started to look into resolving this issue and can't reproduce it in Firefox 89. Can you please let me know if you are still seeing the issue, and if so perhaps give me steps and environment to reproduce the issue? Thanks - maybe some browser updates have fixed this. |
Hi @justinvelluppillai . The error still exist. Just run this on any website in F12 -> Console. That's basically the core problem of matomo and the most basic example to reproduce. You need to enable the settings as stated in post #17454 (comment) |
This information has all been mentioned above, but just to clarify this issue: The relevant setting is When it is set, I have submitted a PR to fix this by handling the rejected promise and silently ignoring it. |
@justinvelluppillai Thanks, i can confirm that this fix does work. |
Thanks @brainfoolong appreciate you drawing our attention to this and your patience in providing details to get it fixed. |
Is there a other way to force the error? |
@felix-berlin Do you by chance use any browser extension that modifies theses browser settings? For me, if I set |
@Findus23 Yes but only two :) |
Hi guys!
|
This issue has been resolved in Matomo years ago. Your code also doesn't look related to Matomo at all, so maybe this isn't the correct place for reporting it. |
This bug is just a follow up to a already known bug, but i decided to start a new issue here as the others are marked as resolved or have been merged.
References:
Ok, i can now reproduce this bug with
4.2.1
in Firefox87.0
on windows. It is still present and still causes errors in our JS error logs. It depends on some specific firefox strict security settings.Following example:
console.log(navigator.serviceWorker && navigator.serviceWorker.ready)
The console command is basically the same as used in matomo here
https://github.com/matomo-org/matomo/blob/4.x-dev/js/piwik.js#L6989
Demo:
Settings:
The text was updated successfully, but these errors were encountered: