disableSendImageResponse() does not work properly about matomo-php-tracker HOT 9 OPEN

@NicoHood this works for me nicely. It sets the correct parameter send_image=0 and returns HTTP 204. Can you maybe check again in the developer tools for example?

You can track the resolution using the setResolution($width, $height) method.

from matomo-php-tracker.

I also tried it again and it works now. I am not sure what I did wrong, I assume it was my mistake. Really strange. Sorry for the confusion.

However the response code is always 400 (bad request) and in the dashboard I cannot see any page view.

$matomoTracker = new MatomoTracker((int)$site_id, $matomo_url);
$matomoTracker->setTokenAuth($token);
dump($matomoTracker->getUrlTrackPageView($page->title()));
// -> I then manually enter the url in the browser

from matomo-php-tracker.

You can try enabling the debug mode of the Tracker in Matomo by adding this to your config.ini.php

[Tracker]
debug = 1

When you then open a tracking url in the browser you should see some debugging output. Maybe that helps to identify the problem.

from matomo-php-tracker.

Nice, the error is: Tracker API 'cip' was used, requires valid token_auth.

Now I've set up a proper token, however the url returned by getUrlTrackPageView() has no token set. If I remove the cip option, it even works without a token.

By "working" I mean the correct response code is returned. The gif was sent anyways, even with a 400 response (I am not sure if that is intended)

Now I am am bit lost on how to fix that properly. This issue is related:
matomo-org/matomo#13854
#39

from matomo-php-tracker.

It turns out to be like that:

The reason why it does not work is, because I am setting an auth token. Because the auth token is specified the cip parameter will be applied. However in the final request the token is missing, because sendRequest() add the token, but when using getUrlTrackPageView() (and others) this function is never called. doTrackPageView() however works, as it also adds the token.

The workaround would be to:

• Do not set the token + use getUrlTrackPageView()
• OR Set the token and use doTrackPageView()

But why is the token omitted for getUrlTrackPageView() requests? The token would be placed directly into the html. Is the token something sensible that should be hidden to the user?

Possible solutions:

• Only add cip in sendRequest() instead of getRequest()
• OR add the token also in the getRequest() instead of the sendRequest()

You should know best what to do.

from matomo-php-tracker.

Depending on the rights of the user the token belongs to, someone could do anything with your Matomo instance using the token, as it's also usable for authenticating any API request.

from matomo-php-tracker.

I also want to not that getUrlTrackPageView() does not call generateNewPageviewId() which means the "image" will be cached, as a random id for cache busting is missing. I guess that should be fixed as well?

from matomo-php-tracker.

You can likely get the &token_auth= as part of the URL by calling $tracker->setRequestMethodNonBulk('GET'). We would be usually posting the token for security reasons and not include it as a GET parameter by default so the token won't appear in the logs.

from matomo-php-tracker.

I also want to not that getUrlTrackPageView() does not call generateNewPageviewId() which means the "image" will be cached, as a random id for cache busting is missing. I guess that should be fixed as well?

The URL should always include a parameter r that changes randomly.

from matomo-php-tracker.