@Starker3 opened this Issue on December 22nd 2021 Contributor

It seems that the recent updates to the Safari browser (Prevent cross-site tracking) blocks any cookies from being generated when the Matomo domain doesn't match the website it's being loaded from.

This breaks the use of iFrames for Matomo that require cookies to be set (For example the logme feature)

There doesn't seem to be any way to fix this with headers (Eg using CSP or CORS configurations).

2 current workarounds exist that I've found:

  1. Disable the "Prevent cross-site tracking" setting in the Privacy settings
  2. Redirect the visitor to the page outside of an iFrame to set the cookie - after this the iFrame can load as long as the CORS configuration is correct and the browser isn't completely blocking the iFrame from loading.

I'm not sure how many users are using iFrames that would require cookies to be set, but they would be impacted if any of their users use Safari.

@bastos71 commented on January 24th 2022

We encountered the bug on our side as well.
We're planing to customize the index.php (target of the iframe) to add a link / button to open the link in a new tab/window to prevent this error for Safari users

@tsteur commented on January 25th 2022 Member

FYI in https://github.com/matomo-org/matomo/issues/17452 we will be working on an Opt Out solution that works without iframes meaning this should then no longer be a problem once this new opt out is used

Powered by GitHub Issue Mirror