disableSendImageResponse() does not work properly

[NicoHood]

https://developer.matomo.org/api-reference/PHP-Matomo-Tracker#disablesendimageresponse

I am using the following code:

$matomoTracker->disableSendImageResponse();
$ret = $matomoTracker->getUrlTrackPageView($page->title());

When I open the url at $ret I always see a gif image instead of a 204 response.

Also, is there an option to tell matomo if the url got requested, the user uses a screen resolution of AxB? Combined with some clever css we could track the resolution of user devices:
https://medium.com/javascript-in-plain-english/tracking-with-css-ec98e3d81046
https://www.templarbit.com/blog/2018/03/20/tracking-users-with-css/

[tsteur]

@NicoHood this works for me nicely. It sets the correct parameter send_image=0 and returns HTTP 204. Can you maybe check again in the developer tools for example?

You can track the resolution using the setResolution($width, $height) method.

[NicoHood]

I also tried it again and it works now. I am not sure what I did wrong, I assume it was my mistake. Really strange. Sorry for the confusion.

However the response code is always 400 (bad request) and in the dashboard I cannot see any page view.

$matomoTracker = new MatomoTracker((int)$site_id, $matomo_url);
$matomoTracker->setTokenAuth($token);
dump($matomoTracker->getUrlTrackPageView($page->title()));
// -> I then manually enter the url in the browser

[sgiehl]

You can try enabling the debug mode of the Tracker in Matomo by adding this to your config.ini.php

[Tracker]
debug = 1

When you then open a tracking url in the browser you should see some debugging output. Maybe that helps to identify the problem.

[NicoHood]

Nice, the error is: Tracker API 'cip' was used, requires valid token_auth.

Now I've set up a proper token, however the url returned by getUrlTrackPageView() has no token set. If I remove the cip option, it even works without a token.

By "working" I mean the correct response code is returned. The gif was sent anyways, even with a 400 response (I am not sure if that is intended)

Now I am am bit lost on how to fix that properly. This issue is related:
matomo-org/matomo#13854
#39

[NicoHood]

It turns out to be like that:

The reason why it does not work is, because I am setting an auth token. Because the auth token is specified the cip parameter will be applied. However in the final request the token is missing, because sendRequest() add the token, but when using getUrlTrackPageView() (and others) this function is never called. doTrackPageView() however works, as it also adds the token.

The workaround would be to:

• Do not set the token + use getUrlTrackPageView()
• OR Set the token and use doTrackPageView()

But why is the token omitted for getUrlTrackPageView() requests? The token would be placed directly into the html. Is the token something sensible that should be hidden to the user?

Possible solutions:

• Only add cip in sendRequest() instead of getRequest()
• OR add the token also in the getRequest() instead of the sendRequest()

You should know best what to do.

[sgiehl]

Depending on the rights of the user the token belongs to, someone could do anything with your Matomo instance using the token, as it's also usable for authenticating any API request.

[NicoHood]

I also want to not that getUrlTrackPageView() does not call generateNewPageviewId() which means the "image" will be cached, as a random id for cache busting is missing. I guess that should be fixed as well?

[tsteur]

You can likely get the &token_auth= as part of the URL by calling $tracker->setRequestMethodNonBulk('GET'). We would be usually posting the token for security reasons and not include it as a GET parameter by default so the token won't appear in the logs.

[tsteur]

I also want to not that getUrlTrackPageView() does not call generateNewPageviewId() which means the "image" will be cached, as a random id for cache busting is missing. I guess that should be fixed as well?

The URL should always include a parameter r that changes randomly.