@GunnarBs opened this Issue on March 17th 2015

The OptOut iFrame evaluates whether the user has a cookie set which requests a do-not-track-like behavior.

However, if the Piwik site is set to evaluate the Do Not Track setting of the user's browser and the user has Do Not Track enabled, then the iFrame displays the wrong content, namely that the user is being tracked while he is not.

Since the guidelines for core development are not available, I post the necessary code changes here:

In Controller.php change
    /**
     * Shows the "Track Visits" checkbox.
     */
    public function optOut()
    {
        $trackVisits = !IgnoreCookie::isIgnoreCookieFound();

        // check if user has DoNotTrack enabled
        $dntChecker = new DoNotTrackHeaderChecker();
        $isDoNotTrack = $dntChecker->isDoNotTrackFound();

        $language = Common::getRequestVar('language', '');
        $lang = APILanguagesManager::getInstance()->isLanguageAvailable($language)
            ? $language
            : LanguagesManager::getLanguageCodeForCurrentUser();

        $nonce    = Common::getRequestVar('nonce', false);
        if ($nonce !== false && Nonce::verifyNonce('Piwik_OptOut', $nonce)) {
            Nonce::discardNonce('Piwik_OptOut');
            IgnoreCookie::setIgnoreCookie();
            $trackVisits = !$trackVisits;
        }

        // should not use self::renderTemplate since that uses setBasicVariablesView. this will cause
        // an error when setBasicVariablesAdminView is called, and MenuTop is requested (the idSite query
        // parameter is required)
        $view = new View("@CoreAdminHome/optOut");
        $view->setXFrameOptions('allow');
        $view->trackVisits = $trackVisits;
        $view->isDoNotTrack = $isDoNotTrack;
        $view->nonce = Nonce::getNonce('Piwik_OptOut', 3600);
        $view->language = $lang;
        return $view->render();
    }

optOut.twig:
    <!DOCTYPE html>
    <html>
    <head>
        <meta charset="utf-8">
    </head>
    <body>
    {% if isDoNotTrack %}
        {{ 'CoreAdminHome_OptOutIsDoNotTrack'|translate }}
        <br/>
    {% else %}
    {% if not trackVisits %}
        {{ 'CoreAdminHome_OptOutComplete'|translate }}
        <br/>
        {{ 'CoreAdminHome_OptOutCompleteBis'|translate }}
    {% else %}
        {{ 'CoreAdminHome_YouMayOptOut'|translate }}
        <br/>
        {{ 'CoreAdminHome_YouMayOptOutBis'|translate }}
    {% endif %}
    <br/><br/>

    <form method="post" action="?module=CoreAdminHome&amp;action=optOut{% if language %}&amp;language={{ language }}{% endif %}">
        <input type="hidden" name="nonce" value="{{ nonce }}" />
        <input type="hidden" name="fuzz" value="{{ "now"|date }}" />
        <input onclick="this.form.submit()" type="checkbox" id="trackVisits" name="trackVisits" {% if trackVisits %}checked="checked"{% endif %} />
        <label for="trackVisits"><strong>
            {% if trackVisits %}
                {{ 'CoreAdminHome_YouAreOptedIn'|translate }} {{ 'CoreAdminHome_ClickHereToOptOut'|translate }}
            {% else %}
                {{ 'CoreAdminHome_YouAreOptedOut'|translate }} {{ 'CoreAdminHome_ClickHereToOptIn'|translate }}
            {% endif %}
        </strong></label>
        <noscript>
            <button type="submit">{{ 'General_Save'|translate }}</button>
        </noscript>
    </form>
    {% endif %}
    </body>
    </html>

This requires one new language entry:
en.json: "OptOutIsDoNotTrack": "Your browser has \"Do Not Track\" enabled and therefore your visit is not recorded.",
de.json: "OptOutIsDoNotTrack": "Ihr Browser hat \"Do Not Track\" gesetzt und daher wird Ihr Besuch nicht aufgezeichnet.",

@sgiehl commented on March 17th 2015 Member

That should already be fixed in #7317

This Issue was closed on March 17th 2015