Tracker API: cdt parameter should not require token_auth when setting a recent datetime #6110
Labels
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
Major
Indicates the severity or impact or benefit of an issue is much higher than normal but not critical.
Task
Indicates an issue is neither a feature nor a bug and it's purely a "technical" change.
Milestone
The goal of this ticket is to modify the Tracker API parameter
cdt
so that it is allowed to sendcdt
values within the last N seconds without passing thetoken_auth
.By default a user could send a tracking api request setting a custom datetime in near past without needing to authenticate with
token_auth
.Tasks
cdt
This overall goal is to make Mobile Apps Tracking easier to use and less need of configuration in the SDK.
The text was updated successfully, but these errors were encountered: