Piwik: Support the disabling of cookies
Release notes
Gitlab administrators now have the option to configure Gitlab so that the Piwik/Matomo integration is used without cookies, per the Piwik API.
Problem to solve
Gitlab-Piwik/Matomo integration currently invokes the Piwik API in a way such that end-users receive additional cookies from Piwik. These cookies are sometimes undesirable for a number of reasons, including the legal requirement to inform users of their existence.
Intended users
The following roles will have an interest in this option:
User experience goal
When this option is enabled, the burdened is lessened for the informing of users of cookies that are stored in their browser. In a broader context, new users (and users with a new browser) might not need to confirm the acceptance of cookies.
Proposal
We add an option to gitlab.yml and to the piwik handling code to request via the Piwik API to not use cookies.
Further details
A Data analysis team wants to track a self-hosted Gitlab installation using Piwik. However, the Data Security officer notes that it is required to disclose the use of the corresponding cookies to new users. Since Piwik has the option of disabling these cookies, the various parties negotiate the possibility of using Piwik but without cookies. The System Administrator then configures the Gitlab installation to use Piwik, but without the use of Piwik-generated cookies.
Permissions and Security
Only changeable for site administrators and requires a unicorn-restart.
Documentation
I could find no existing documentation on the Piwik-Gitlab integration feature. It is purely documented within the comments of the configuration file (gitlab.yml
) and corresponding Omnibus installation. I suspect there is little value in providing this documentation, unless the configuration option is migrated to the UI, which is way above my skillset.
Availability & Testing
- Unit test changes
- Unit tests should ensure the new configuration option does not break existing functionality
- Unit tests should test
true
andfalse
values for different generated javascript
- Integration test changes
- In conjunction with a Piwik service, when option is true, the client should not receive Piwik-generated cookies. When it is false or undefined, the client will receive Piwik-cookies as it does now.
- End-to-end test change
What does success look like, and how can we measure that?
See Testing
What is the type of buyer?
N/A
Is this a cross-stage feature?
?