Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OptOut iFrame does not evaluate the Do Not Track Flag #7457

Closed
GunnarBs opened this issue Mar 17, 2015 · 1 comment
Closed

OptOut iFrame does not evaluate the Do Not Track Flag #7457

GunnarBs opened this issue Mar 17, 2015 · 1 comment
Labels
duplicate For issues that already existed in our issue tracker and were reported previously.

Comments

@GunnarBs
Copy link

The OptOut iFrame evaluates, if the user has a cookie set which request a do not track like behavior.

However, if the piwik site is set to evaluate the Do Not Track setting of user's browser and the user has do not track enabled, then the iFrame displays wrong content, namely that the user is being tracked while he is not.

Since the guidelines for core development are not available, I post the necessary code changes here:

In Controller.php change
    /**
     * Shows the "Track Visits" checkbox.
     */
    public function optOut()
    {
        $trackVisits = !IgnoreCookie::isIgnoreCookieFound();

        // check if user has DoNotTrack enabled
        $dntChecker = new DoNotTrackHeaderChecker();
        $isDoNotTrack = $dntChecker->isDoNotTrackFound();

        $language = Common::getRequestVar('language', '');
        $lang = APILanguagesManager::getInstance()->isLanguageAvailable($language)
            ? $language
            : LanguagesManager::getLanguageCodeForCurrentUser();

        $nonce    = Common::getRequestVar('nonce', false);
        if ($nonce !== false && Nonce::verifyNonce('Piwik_OptOut', $nonce)) {
            Nonce::discardNonce('Piwik_OptOut');
            IgnoreCookie::setIgnoreCookie();
            $trackVisits = !$trackVisits;
        }

        // should not use self::renderTemplate since that uses setBasicVariablesView. this will cause
        // an error when setBasicVariablesAdminView is called, and MenuTop is requested (the idSite query
        // parameter is required)
        $view = new View("@CoreAdminHome/optOut");
        $view->setXFrameOptions('allow');
        $view->trackVisits = $trackVisits;
        $view->isDoNotTrack = $isDoNotTrack;
        $view->nonce = Nonce::getNonce('Piwik_OptOut', 3600);
        $view->language = $lang;
        return $view->render();
    }

optOut.twig:
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
</head>
<body>
{% if isDoNotTrack %}
    {{ 'CoreAdminHome_OptOutIsDoNotTrack'|translate }}
    <br/>
{% else %}
{% if not trackVisits %}
    {{ 'CoreAdminHome_OptOutComplete'|translate }}
    <br/>
    {{ 'CoreAdminHome_OptOutCompleteBis'|translate }}
{% else %}
    {{ 'CoreAdminHome_YouMayOptOut'|translate }}
    <br/>
    {{ 'CoreAdminHome_YouMayOptOutBis'|translate }}
{% endif %}
<br/><br/>

<form method="post" action="?module=CoreAdminHome&amp;action=optOut{% if language %}&amp;language={{ language }}{% endif %}">
    <input type="hidden" name="nonce" value="{{ nonce }}" />
    <input type="hidden" name="fuzz" value="{{ "now"|date }}" />
    <input onclick="this.form.submit()" type="checkbox" id="trackVisits" name="trackVisits" {% if trackVisits %}checked="checked"{% endif %} />
    <label for="trackVisits"><strong>
        {% if trackVisits %}
            {{ 'CoreAdminHome_YouAreOptedIn'|translate }} {{ 'CoreAdminHome_ClickHereToOptOut'|translate }}
        {% else %}
            {{ 'CoreAdminHome_YouAreOptedOut'|translate }} {{ 'CoreAdminHome_ClickHereToOptIn'|translate }}
        {% endif %}
    </strong></label>
    <noscript>
        <button type="submit">{{ 'General_Save'|translate }}</button>
    </noscript>
</form>
{% endif %}
</body>
</html>

This requires one new language entry:
en.json: "OptOutIsDoNotTrack": "Your browser has "Do Not Track" enabled and therefore your visit is not recorded.",
de.json: "OptOutIsDoNotTrack": "Ihr Browser hat "Do Not Track" gesetzt und daher wird Ihr Besuch nicht aufgezeichnet.",
@sgiehl
Copy link
Member

sgiehl commented Mar 17, 2015

That should already be fixed in #7317

@sgiehl sgiehl closed this as completed Mar 17, 2015
@sgiehl sgiehl added the duplicate For issues that already existed in our issue tracker and were reported previously. label Mar 17, 2015
GunnarBs referenced this issue Mar 17, 2015
@ArnY
Take DNT into account cf #7317
e3217a2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
duplicate For issues that already existed in our issue tracker and were reported previously.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sgiehl @GunnarBs