Since 1.9.2 optOut does not work any more for Chrome in multi-port configuration for one domain
|Reported by:||culinacard||Owned by:|
|Priority:||critical||Milestone:||1.11 - Piwik 1.11|
|Component:||Core||Keywords:||optOut, Chrome, multi-port, domain|
In piwik 1.9, I have registered one domain for piwik. For security reasons, I configured piwik to a special port, 8443 (SSL) (the other ports have content-security-policy activated, which piwik does not support yet). On port 80 (http) and 443 (https) piwik is included in the user pages to track the users. Note that all files for all ports use the same htdocs directory, so the piwik installation is NOT copied for each port, but reused.
We moreover have a piwik opt-out included on our privacy page, which is located on port 443 (https). You can have a look at it and see it working here, at the bottom of the page (piwik 1.9 is still installed there):
So far, so good. Now, after update of our development system to piwik 1.9.2, the opt out logic does not work any more on Chrome. If I click on the opt-out-checkbox, the page is reloaded, but it does not change the status. It DOES STILL work on Firefox, however. So the problem must have to do with an interaction of the opt-out mechanism with chrome. You can test the problem here:
You can see there, that it works with Firefox, but not with Chrome. Strangely, if I call the optOut inline frame outside the frame and with the port 8443, it DOES work in Chrome:
However, we do not want to use the port 8443 on a normal user page. We definitely need port 443. Otherwise, some users might not be able to reach it, if their firewall does not allow other ports then 443 and 80.
I think this bug is critical, as in germany, we have very restrictive privacy laws. We need to provide at least this opt-out for ours users, never mind which browser they use. And Chrome is a very important browser, moreover.
So, a short analysis of this bug is the following:
"optOut does not work any more with Chrome, if piwik 1.9.2 was installed on another port than the optOut page is used on, and if only one domain is used. But it works with piwik 1.9 without any issues."