New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add option to track only POST requests #18784
Comments
Hi @daniel-lerch, thanks for contacting us. There is an option available for the javascript tracker called |
@bx80 I actually thought about a server sided option which marks all GET requests as Bots and does not count them. If you do not want such an option to be added to Matomo, I will try to achieve that via NGINX configuration. |
@daniel-lerch There are actually also downsides of using post requests only. Post won't contain the data when logged in the access log, which makes it impossible to replay the tracking if that would ever be required. |
@sgiehl Logging is an important concern but as far as I understand Matomo's tracking API POST requests do not contain data in their request body as it is sent as query string like: POST /matomo.php?idsite=1&rec=1&url=https%3A%2F%2Fexample.com HTTP/1.1
Content-Length: 0
... In this case logs would contain all data and could be replayed. Is there another mode accepting form encoded data or JSON via POST that I am not aware of? |
Actually there is both. You can send the tracking parameters as form encoded data or in case of bulk tracking it's send as json. |
I would like to have an option for Matomo only to count tracking requests send as
POST
.Summary
The official HTTP standard specifies
GET
requests as safe. However,GET
requests to the Matomo tracking API actually change the server state. The suitable request for this case isPOST
.Surely there are many use cases for tracking where
GET
requests are absolutely necessary but especially for mobile apps it would be better to count only post requests to prevent counting bot visitors by virus scanners, etc. All websites which use the JavaScript tracker could also enable this restriction.The option track only POST requests should be per site and Matomo could either return
200 OK
and do nothing or return405 Method Not Allowed
when it receives aGET
request to the tracking API.Your Environment
The text was updated successfully, but these errors were encountered: