When embedding Matomo widgets in an iFrame, it is expected that all links in the widget will work when using a
token_auth with the correct permissions.
When embedding Matomo widgets that contain links to view the Page Overlay (For example the Pages or Page URL reports) the Page Overlay links open in a new tab and force the user to log in instead of using the
token_auth present in the URL.
This causes any users that are already logged in to Matomo but don't have access to the site to see
You do not have access in the Page Overlay UI.
Users that are not logged in will see the error message
Your session has expired due to inactivity. Please log in to continue.
token_authof a user that has
viewaccess to the report
Probably related to this PR: https://github.com/matomo-org/matomo/pull/17520
@tsteur I tested this on 4.2.1 and had the exact same error. I tried appending the
token_auth to the end of the URL (Since the link from the widget adds a # with additional information at the end of the URL) as well and it returned the error
Error: You must be logged in to access this functionality.
Weird, it worked for me there using
and then opening the page overlay. Tested this in a private window where you aren't logged in.
actually 4.2 and 4.3 works for me nicely with only the token.
Also works when adding force_api_session=1 (because I don't have a session active anyway)
I can't reproduce the issue actually
force_api_session=1 from the URL didn't make any difference when testing (On 4.2.1).
I got the same error from the URL with and without the force_api_session:
Error: Your session has expired due to inactivity. Please log in to continue.
Tested using a private window (To ensure that there is no open session)
The link that is generated for the overview on both my testing instances is the following:
@tsteur the same for me, it works on the latest version with a view token even when the
force_session_api=1 is in the url.
@flamisz If it helps narrow it down, I'm testing using localhost for the iFrame widget with an externally hosted Matomo install (Accessible from the internet).
great find @flamisz could you also
git checkout 4.2.1 to see if it happens there too?
@tsteur it happens there as well. it's not a regression in my opinion.