Fixes #5030 Tracking API now does not require token_auth for bulk requests.

To make behavior the same as in Piwik 2.1.0 or earlier, set the following config setting under [Tracker]:
; Whether Bulk tracking requests to the Tracking API requires the token_auth to be set.
bulk_requests_require_authentication = 1

1 files changed, 4 insertions, 0 deletions

diff --git a/config/global.ini.php b/config/global.ini.php
index 9d76c4be20..31b8beb8c5 100644
--- a/config/global.ini.php
+++ b/config/global.ini.php
@@ -494,6 +494,9 @@ page_maximum_length = 1024;
 ; TTL: Time to live for cache files, in seconds. Default to 5 minutes.
 tracker_cache_file_ttl = 300
 
+; Whether Bulk tracking requests to the Tracking API requires the token_auth to be set.
+bulk_requests_require_authentication = 0
+
 ; DO NOT USE THIS SETTING ON PUBLICLY AVAILABLE PIWIK SERVER
 ; !!! Security risk: if set to 0, it would allow anyone to push data to Piwik with custom dates in the past/future and even with fake IPs!
 ; When using the Tracking API, to override either the datetime and/or the visitor IP, 
@@ -501,6 +504,7 @@ tracker_cache_file_ttl = 300
 ; DO NOT USE THIS SETTING ON PUBLIC PIWIK SERVERS
 tracking_requests_require_authentication = 1
 
+
 [Segments]
 ; Reports with segmentation in API requests are processed in real time.
 ; On high traffic websites it is recommended to pre-process the data