You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Tracker API allows to record visits, pages and goal conversions using http rest API. Commonly users would have a webserver make the request to Piwik to record visits. This causes piwik to read the visit/page/goal conversion IP as being the server IP issuing the request to piwik.
This could cause discrepancies or generally wrong user data. It would be nice to be able to customize the IP and server time that Piwik uses in the tracker.
It is critical that these 2 attributes can only be set by the Super User, otherwise anyone could record fake time/ fake IP visits in a piwik instance. I suggest we check and require super user token_auth in the piwik.php request to allow setting IP + server time.
Note that in tests, we already set these 2 parameters. To allow this, the proxy-piwik.php hack is used. This mechanism could then be removed to use the token_auth mechanism.
The text was updated successfully, but these errors were encountered: