Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ability to set blocking cookie outside admin interface #2789

Closed
anonymous-matomo-user opened this issue Nov 21, 2011 · 5 comments
Closed

Ability to set blocking cookie outside admin interface #2789

anonymous-matomo-user opened this issue Nov 21, 2011 · 5 comments
Labels
Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. worksforme The issue cannot be reproduced and things work as intended.
Milestone

Comments

@anonymous-matomo-user
Copy link

I'd like to suggest an enhancement to the blocking cookie system. Currently you must be logged into Piwik in each browser you wish to block, on each system you wish to exclude. It would be more convenient by far if this worked more like Clicky, which provides you a link that can be shared outside the context of the admin interface, so that you and your users can easily set their cookies in all browsers without ever logging in.
Keywords: piwik_ignore,blocking cookie

@mattab
Copy link
Member

mattab commented Nov 22, 2011

This is a good suggestion. At the start I suggested limiting it to logged in user to prevent CSRF attacks where, for example, if someone could XSS on your site, it could then have all users automatically set the cookie in their browser and then having all visits ignored... Maybe, what we could do is have a sharable URL that would be impossible to guess with a random token in the url.

When users click on the link, make sure we display a message acknoledging that the cookie was set.

@mattab
Copy link
Member

mattab commented Jun 4, 2012

Actually it should already work, can you please confirm that it works in 1.8.1 ?

@anonymous-matomo-user
Copy link
Author

I'd be happy to test it. How do I get to it? :)

@mattab
Copy link
Member

mattab commented Jun 18, 2012

copy paste the link used to set the cookie, it can be sent around, WARNING: it contains the secret token_auth!

@anonymous-matomo-user
Copy link
Author

What evil things could occur if token_auth fell into the wrong hands?

@anonymous-matomo-user anonymous-matomo-user added this to the 1.8.3 - Piwik 1.8.3 milestone Jul 8, 2014
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. worksforme The issue cannot be reproduced and things work as intended.
Projects
None yet
Development

No branches or pull requests

2 participants