FriendsOfFlarum Analytics - tracking user visits

clarkwinkelmann

0E800 someone correct me if thats a major security concern, just saying that I am unable to get Piwik analytics to show unless all references are removed

While not a big risk, I would advice against removing that header. SAMEORIGIN should be fine, depending on what you host on the same domain. If there's any place users or third-party might place custom HTML, in particular IFRAMES, I strongly suggest not disabling frame protection.

Allowing inclusion of your analytics admin panel inside another website is dangerous, one could trick you into clicking various options by placing it in an iframe behind content on a webpage.

You're probably a lot safer if your analytics server can only be accessed directly. That header has no impact on the correct working of the javascript tracking code.

I'm not sure why that iframe thing was added to the extension in the first place ? It's not required for the tracking to work and users might downgrade their security to use it...

By the way X-Frame-Options is now deprecated, the browser will use the frame setting provided via CSP if available.

bikepost

clarkwinkelmann could you please comment on why the extension name is all garbled in the left pane of the admin page?

clarkwinkelmann

bikepost could you please comment on why the extension name is all garbled in the left pane of the admin page?

I'm not sure what you mean ? I don't have a working install with that panel right now. Do you have a picture ?

bikepost

@clarkwinkelmann Have a look at the screenshots I posted higher in this thread. In the left side of the screenshot, below Extensions, you will notice that instead of seeing "Analytics" the name shows "Flagrow-analytics.admin.page.nav.title"

clarkwinkelmann

bikepost That's the translations cache that is outdated. Disable and re-enable any extension or run php flarum cache:clear to refresh it ? That should normally do the trick.

bikepost

I had used

php flarum cache:clear

many times and it didn't work.

I just disabled the English extension, re-enabled it and ran

php flarum cache:clear

again for good measure.

Didn't work and Piwik widgets are still now showing any visitors data. It's all 0 visitor.

0E800

@bikepost You need to also do a CTRL F5 on your browser. Your browser stores cache too ?

bikepost

Yep, sorry guys, I even closed the tab and launched a new one and then the browser and reopened.

luceos

bikepost flush the cloudflare cache if you have cloudflare on.

bikepost

luceos Remind me please, do we use Cloudfare for any of this? I don't recall signing up for it or seeing it.

Let me know how to please and I will do it. Google search results all instruct to log in but I don't think I have Cloudfare account.

bikepost

Well, I have an update. Without doing anything further to Cloudfare (what is it @luceos anyway?) or anything else, the extension title now shows properly!

This resolved itself with time.
Would have love to "force" the refresh but I never found a way.

Glad it did.

luceos

bikepost then this was caused by a local/browser cache or Flarum cache.

The process described here should fix it:

https://discuss.flarum.org/d/5623-gamification-reflar-issue-with-locale/15

bikepost

I still don't see how Cloudflare comes into consideration @luceos

But I am using Opera in macOS and to relad a page without cache:

 option + command + R

does the trick. It may be the same in Safari and Chrome. clearing the Flarum cache on the server does not solve this.

I just installed an extension that shows users and I was having the same text formatting issue before using those keys combo.

Thank you very much each one of you for all of your help!

luceos

bikepost cloudflare is a saas you can also have, some hosting providers ship your website with it per default. Cloudflare does some DDOS protection but also caches your pages, something Flarum does not always like that much I think mostly because it doesn't flush the manifest file.

bikepost

@luceos I understand but I don't think my host uses Cloudflare. How do I check?

luceos

https://support.cloudflare.com/hc/en-us/articles/200172886-How-do-I-know-Cloudflare-is-working-on-my-site-

This thread needs moderation attention ? I'm at a loss where to start splitting though ?

PeteCrighton

For me Piwik integration did not work with this extension. _paq.push(['setSiteId', '1']); gets included with ##piwik_options## and not at its appropriate place after _paq.push(['setTrackerUrl', u+'piwik.php']);, so nothing got tracked.
I don’t know if this was also responsible for the iframe only giving a 500 error in the Flarum admin interface, but possibly?

I have now manually included the correct tracking code in core/views/app.blade.php and tracking works.
But it only tracks initial visits and when you refresh a page. So not pages visited via the forum navigation (until refreshed). Is there a setting to change this behaviour or is it just due to how Flarum is built?

jenolan

Do you think you could add an option to set the username ie

_paq.push(['setUserId', '<?=$user['username']?>')

That's from my site not Flarum

Thanks,
Larry

clarkwinkelmann

jenolan where would that $user variable come from ?

Registering the Flarum username, email or id as the Piwik user id with this extension would make sense though.

clarkwinkelmann

Just released version 0.6.0 !

Update with the following command (or use Bazaar):

composer require flagrow/flarum-ext-analytics
php flarum cache:clear

This extension didn't receive much love during this year... It was about time:

Fixed Piwik not tracking page url change correctly
Added the option to track users by username or email in Piwik, following jenolan suggestion. It's disabled by default
Added the option to specify a protocol with the Piwik domain, so you can force https:// analytics for non-https forum for example. Defaults to // as before if not specified
Updated the settings UI to use Flarum components instead of non-styled HTML inputs
Fixed a potential XSS vulnerability if you enabled the "Track subdomains" option
Cleaned up the code

Edit: replaced ~~composer update flagrow/flarum-ext-analytics~~ which does not work to update to that new version ?

jenolan

The username is what it wants, non-logged in you just do not set it. Of course the email (etc) an option setting?

« Previous Page Next Page »