diff options
author | diosmosis <diosmosis@users.noreply.github.com> | 2020-10-29 02:37:25 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-29 02:37:25 +0300 |
commit | 5c7b0f275a9fac7ef9ac8292db7b6bf1a40d8c6b (patch) | |
tree | de45a54aa679128663e569c929159ab0ebfbf959 /config | |
parent | 935293db11b7ee98d97596118ae76d9023d8d79e (diff) |
Add new INI config [General] enable_framed_allow_write_admin_token_auth… (#16595)
* Add new INI config [General] enable_framed_allow_write_admin_token_auth to allow framed matomo use case to still function in Matomo 4.
* Link to faq in exception message.
* apply pr feedback and write integration tests (not passing)
* fix test
* fix test
* update screenshot
* fix more ui tests
* update exception message
* update some expected screenshots
* update screenshot
Co-authored-by: Thomas Steur <tsteur@users.noreply.github.com>
Diffstat (limited to 'config')
-rwxr-xr-x | config/global.ini.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/config/global.ini.php b/config/global.ini.php index 568c5910a5..58dc9bb380 100755 --- a/config/global.ini.php +++ b/config/global.ini.php @@ -455,6 +455,13 @@ enable_framed_pages = 0 ; Default is 0 (i.e., bust frames on the Settings forms). enable_framed_settings = 0 +; Set to 1 to allow using token_auths with write or admin access in iframes that embed Matomo. +; Note that the token used will be in the URL in the iframe, and thus will be stored in webserver +; logs and possibly other places. Using write or admin token_auths can be seen as a security risk, +; though it can be necessary in some use cases. We do not recommend enabling this setting, for more +; information view the FAQ: https://matomo.org/faq/troubleshooting/faq_147/ +enable_framed_allow_write_admin_token_auth = 0 + ; language cookie name for session language_cookie_name = matomo_lang |