matomo-org/matomo

Allow disable and configure the 'cdt' ignore mechanisme

Open

#10,116 opened on May 4, 2016

View on GitHub
 (1 comment) (0 reactions) (0 assignees)PHP (21,513 stars) (2,847 forks)batch import
EnhancementHelp wanted

Description

Hi,

I use the tracking API over offline applications and send them when the connection came back. I think this would be great to allow configuration of the constant Tracker/Request::CUSTOM_TIMESTAMP_DOES_NOT_REQUIRE_TOKENAUTH_WHEN_NEWER_THAN

I know that I can force this by using an Admin token but I'm not convident by sharing an Admin Token. It think that a good mechanism would disable this protection by setting the constant to 0.

Thanks,

Contributor guide

Tech stack
None
Domain
backendapi
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-2 days
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
mostly clear
Prerequisites
PHPMatomo configuration system
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
30
Research direction
Locate the constant `CUSTOM TIMESTAMP DOES NOT REQUIRE TOKENAUTH WHEN NEWER THAN` in the Matomo source, likely in `plugins/Tracker/Request.php`. Study how other similar constants are exposed as configuration options (e.g., via `config/config.php.ini` or UI settings). Then propose a patch to make this constant configurable, potentially by adding a new setting in the tracker configuration section. Consider the security impact of disabling this protection.
Allow disable and configure the 'cdt' ignore mechanisme · matomo-org/matomo#10116 | Good First Issue