Skip to content

Page Overlay ignores token_auth in URL when opened from a Widget #17640

New issue
New issue
Closed
#17851
Closed
Page Overlay ignores token_auth in URL when opened from a Widget#17640
#17851
Assignees
geekdenz
Labels
BugFor errors / faults / flaws / inconsistencies etc.Help wantedBeginner friendly issues or issues where we'd highly appreciate community's help and involvement.
@Starker3

Description

@Starker3
Starker3
opened on May 31, 2021

Expected Behavior

When embedding Matomo widgets in an iFrame, it is expected that all links in the widget will work when using a token_auth with the correct permissions.

Current Behavior

When embedding Matomo widgets that contain links to view the Page Overlay (For example the Pages or Page URL reports) the Page Overlay links open in a new tab and force the user to log in instead of using the token_auth present in the URL.

This causes any users that are already logged in to Matomo but don't have access to the site to see You do not have access in the Page Overlay UI.
Users that are not logged in will see the error message Your session has expired due to inactivity. Please log in to continue.

Steps to Reproduce (for Bugs)

  1. Embed the Page URL report as a widget in a page using a token_auth of a user that has view access to the report
  2. Open the page that contains the iFramed widget in a private browsing session and click on a link to to a Page Overlay
  3. You should be presented with the following error message if you are not logged in to Matomo:
    image

Your Environment

  • Matomo Version: 4.3.1

Metadata

Metadata

Assignees

Labels

BugFor errors / faults / flaws / inconsistencies etc.Help wantedBeginner friendly issues or issues where we'd highly appreciate community's help and involvement.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions