Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Page Overlay on a HTTP page does not work when Matomo runs on HTTPS #7067

Closed
a5a351e7 opened this issue Jan 24, 2015 · 14 comments
Closed

Page Overlay on a HTTP page does not work when Matomo runs on HTTPS #7067

a5a351e7 opened this issue Jan 24, 2015 · 14 comments
Labels
Bug For errors / faults / flaws / inconsistencies etc.

Comments

@a5a351e7
Copy link

If you are using Piwik in a HTTPS installation and include some pages that are only via HTTP available, you see in the page overlay mode an error by loading.

In this case a website is hosted as a webpackage and the provider does not support HTTPS for the sites. But if you load the site by entering a https:// before the URI, the server responses with a wrong certificate which is not signed for this domain. I entered the site URI without https:// in the Piwik-config, but Piwik tries to load the overlay via https anyway.

I guess that this is an issue in Piwik. This could by solved by using the given site URI in the config or if there is an option for each site in the config, where you can disable a HTTPS support for this site.

I don't want to disable the SSL for my hosted Piwik, to use the site overlay for non SSL sites.

Best Regards and much thanks for this open source project!

@tsteur tsteur added the Bug For errors / faults / flaws / inconsistencies etc. label Jan 25, 2015
@tsteur
Copy link
Member

tsteur commented Jan 25, 2015

Thx for the report.

I understand #4700 would not be a solution for you which I totally reasonable.

@a5a351e7
Copy link
Author

Hi thx for reply! This is not really a solution, it is more like a "get it working"-hack. I don't want so serve Piwik itself via HTTP, because of data privacy/protection.

A real solution to this problem could be a checkbox in the SiteManager for each site which is called "force http" or something like that. Or it depends on the entered URI, so if it starts with https://, then use HTTPS as default for the overlay stuff. Otherwise just http://.

A fallback is nice, but should not be default. Because sometime you got an response from a server that provides SSL but nor for this domain. So how to you want to process all this possible states. It is -in my opinion- easier to set this aware for each site.

@tsteur
Copy link
Member

tsteur commented Jan 25, 2015

Totally agree with this. It is a hack and not really acceptable for most people.

@a5a351e7
Copy link
Author

I tried to add a "return url;" in plugins/Overlay/Controller.php as first line in handleProtocol javascript function. But this causes a:

Mixed Content: The page at /index.php?module=Overlay&period=month&date=today&idSite=10#l=http$3A$2F$2Florem.de$2F' was loaded over HTTPS, but requested an insecure resource 'http://lorem.de/'. This request has been blocked; the content must be served over HTTPS.

A solution would be to extend the Controller with a proxy functionality. So that not the browser tries load the Frame-Data, but the server with the piwik installation itself. Otherwise there is not possibility to view HTTP in a HTTPS context.

@mattab
Copy link
Member

mattab commented Feb 19, 2015

I actually am not sure whether this would work at all or whether there is a solution for this issue? Maybe google analytics has solved this since they use HTTPS for their web UI yet and I guess their overlay also work on HTTP pages.

@mattab mattab added this to the Short term milestone Feb 19, 2015
@tsteur
Copy link
Member

tsteur commented Feb 19, 2015

I didn't have a detailed look but I think we can make this work.

@mattab
Copy link
Member

mattab commented Feb 19, 2015

@tsteur do you think it could be done in a few hours? if so, I would be keen to add to next milestones as it's recurrent issue and again yesterday was confronted with this bug by a user in the office.

@tsteur
Copy link
Member

tsteur commented Feb 19, 2015

Hard to tell. I currently haven't configured my Piwik for HTTPS so I'm not sure where it fails or what the problem is

@CanuckNick
Copy link

Adding my vote for this. I have some users that are also looking to use this feature but since we run our Piwik interface under SSL and not all of our sites support SSL it doesn't work. I would be willing to test any code as a solution to this.

@a5a351e7
Copy link
Author

Hi there, is there something new?

@mattab mattab modified the milestones: Short term, Mid term Apr 7, 2015
@mddvul22
Copy link

mddvul22 commented Feb 5, 2016

Any updates on this? This is still a problem in February of 2016 with 2.15.0

@ziedbargaoui
Copy link

Even in the newest version 2.16.0 it's not solved yet, any perspectives?

@quba
Copy link
Contributor

quba commented Mar 15, 2016

related #9807

@mattab mattab modified the milestones: Long term, Mid term Dec 5, 2016
@mattab mattab changed the title Page Overlay without HTTPS Page Overlay on a HTTP page does not work when Matomo runs on HTTPS Feb 13, 2020
@michalkleiner
Copy link
Contributor

Closing this as an old issue. We have already resolved 9807 and we now have a FAQ/guide for troubleshooting.

@michalkleiner michalkleiner closed this as not planned Won't fix, can't repro, duplicate, stale Nov 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug For errors / faults / flaws / inconsistencies etc.
Projects
None yet
Development

No branches or pull requests

8 participants