Opt-Out Cookie Bug

fseger · July 27, 2021, 12:10pm

Hello,

we are from Riese & Müller. We’ve implemented Matomo via rexx Systems. Unfortunately the HTML Code for the opt-out Cookie we’ve received from rexx Systems doesn’t work properly. It opens the opt-out option and with unclicking the box, it shows that the opt out cookie is deactivated. Closing the pop-out window and clicking the link again, the Opt-Out Cookie box is checked again.

This is where the code is implemented: https://www.r-m.de/en-gb/privacy-policy/

The following HTML Code is implemented:

<iframe style="border: 0; height: 200px; width: 600px;" src="https://matomo.rexx-systems.com/index.php?module=CoreAdminHome&action=optOut&idsite=641&language=de"></iframe>

Does anyone have any idea, how to implement the Opt-Out Cookie appropriately?

Thanks a lot

Lukas · July 27, 2021, 12:20pm

Hi,

It works correctly for me.

Have you by chance set up your browser to not allow third-party domains. This would mean that the iFrame wouldn’t be allowed to store any cookies (as it is on a separate domain) and the opt-out couldn’t be stored.

You could use this opt-out method instead which stores the opt-out cookie on the domain on the tracked site (but is therefore also only valid for this site and not the whole Matomo instance):
https://developer.matomo.org/guides/tracking-javascript-guide#optional-creating-a-custom-opt-out-form

TomCz · July 27, 2021, 1:07pm

Ok. It’s weird. I now directly entered the opt-out URL in Chrome:
https://matomo.rexx-systems.com/index.php?module=CoreAdminHome&action=optOut&idsite=641&language=de and couldn’t opt-out there either. In Firefox, on the other hand, it worked.

I then checked it on a Matomo Cloud project and both work there as well. Maybe there is something wrong with the content security policies.

fseger · January 20, 2022, 12:30pm

Sorry, for the late message. We’ve tried to solve the problem, but couldn’t find a working solution. The problem still remains the same.

@Lukas I’ve checked the cookie settings. I’m allowing third-party domains.
The proposed opt-out method wouldn’t be a fitting solution, as we want to cover the whole Matomo instance. Any other idea, why it doesn’t work?

@TomCz Thanks for jumping in and testing. Couldn’t find anything wrong with the content security policies. I’ve tested it with different devices and different browsers, unfortunately it doesn’t work at all for me.

At this point I’m just 404. Don’t know any further troubleshooting options. With this solution, we obviously can’t guarantee a safe solution. This bug needs to get fixed, or we have to turn off matomo, which would be a shame.

Any further ideas…?

Thanks a lot for your input!

Alle the best.