Potential BC break: controller requests with token_auth no longer use session auth #17596
Labels
answered
For when a question was asked and we referred to forum or answered it.
not-in-changelog
For issues or pull requests that should not be included in our release changelog on matomo.org.
Milestone
After #17520 we avoid using session auth if token_auth is in the URL and force_api_session is not set to 1. This is fine for API requests, but in some places (like the GoogleAnalyticsImporter), we make ajax requests to controller methods w/ the token_auth in the URL. These now are not authenticated when they should be.
Expected Behavior
When requesting a controller method w/ token_auth in the URL, allow use of SessionAuth.
Current Behavior
The session is not used, even if the API is not being requested, if token_auth is in the URL.
Possible Solution
Two quick fixes would be:
$module == 'API'
Steps to Reproduce (for Bugs)
Can be reproduced by trying to start an import in the GoogleAnalyticsImporter API.
FYI @tsteur
The text was updated successfully, but these errors were encountered: