You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
BugFor errors / faults / flaws / inconsistencies etc.MajorIndicates the severity or impact or benefit of an issue is much higher than normal but not critical.wontfixIf you can reproduce this issue, please reopen the issue or create a new one describing it.
If I call the flash applets with token_auth=anonymous they are shown nevertheless anonymous do not have view permissions.
If I do the same with JSON api call access is blocked.
Repro:
Log into Piwik website (now you are authenticated with your "adminstrator")
Request JSON data with token_auth=anonymous
You receive access denied to site 1
Request flash widget with token_auth=anonymous
Widget is shown, but shouldn't.
Additional to this it would be great if the Flash applet wouldn't return only the below if access has been denied. It's not very easy for users to understand what happened here.
Open Flash Chart
JSON Parse Error [Syntax Error]
Error at character 0, line 1:
0: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1
The text was updated successfully, but these errors were encountered:
Sorry, I should have been more clear in #790. token_auth is used for API calls; token_auth is not used for authentication in iframes or flash widgets.
In your test case, the API request for JSON formatted data failed as expected. The reason the flash widget succeeded is because you were logged in and Piwik used the authenticated login session. While the Flash widget does use JSON formatted data, the data stream contains additional information required by Open Flash Chart, and as such, it is not the same data as an API request for JSON data.
I need to be able to authenticate the flash data request with token_auth. Drupal user do not need to log into piwik website. They see all standard statistics in the reports section. I do not need to authenticate the swf file themself... only the data that is used to build the flash chart.
BugFor errors / faults / flaws / inconsistencies etc.MajorIndicates the severity or impact or benefit of an issue is much higher than normal but not critical.wontfixIf you can reproduce this issue, please reopen the issue or create a new one describing it.
If I call the flash applets with token_auth=anonymous they are shown nevertheless anonymous do not have view permissions.
If I do the same with JSON api call access is blocked.
Repro:
Additional to this it would be great if the Flash applet wouldn't return only the below if access has been denied. It's not very easy for users to understand what happened here.
The text was updated successfully, but these errors were encountered: