js: don't track external links

This fixes an issue where, by default, links to private attachments are
reported to Matomo.

This is benign: attachments URLs can be filtered out server-side, and
expire after one hour anyway. But we don't want to ship an insecure
configuration by default.
This commit is contained in:
Pierre de La Morinerie 2021-12-16 16:33:16 +00:00
parent 52750f1800
commit 07230870d3

View file

@ -7,12 +7,19 @@ if (enabled) {
const trackerUrl = `${url}piwik.php`; const trackerUrl = `${url}piwik.php`;
const jsUrl = `${url}piwik.js`; const jsUrl = `${url}piwik.js`;
//
// Configure Matomo analytics // Configure Matomo analytics
//
window._paq.push(['setCookieDomain', '*.www.demarches-simplifiees.fr']); window._paq.push(['setCookieDomain', '*.www.demarches-simplifiees.fr']);
window._paq.push(['setDomains', ['*.www.demarches-simplifiees.fr']]); window._paq.push(['setDomains', ['*.www.demarches-simplifiees.fr']]);
// Dont store any cookies or send any tracking request when the "Do Not Track" browser setting is enabled.
window._paq.push(['setDoNotTrack', true]); window._paq.push(['setDoNotTrack', true]);
// When enabling external link tracking, consider that it will also report links to attachments.
// Youll want to exclude links to attachments from being tracked for instance using Matomo's
// `setCustomRequestProcessing` callback.
// window._paq.push(['enableLinkTracking']);
window._paq.push(['trackPageView']); window._paq.push(['trackPageView']);
window._paq.push(['enableLinkTracking']);
// Load script from Matomo // Load script from Matomo
window._paq.push(['setTrackerUrl', trackerUrl]); window._paq.push(['setTrackerUrl', trackerUrl]);