Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use https protocol in tracking code if force_ssl is enabled #12799

Merged
merged 2 commits into from May 1, 2018

Conversation

sgiehl
Copy link
Member

@sgiehl sgiehl commented Apr 30, 2018

fixes #7366

@sgiehl sgiehl added not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org. Needs Review PRs that need a code review labels Apr 30, 2018
@sgiehl sgiehl added this to the 3.5.0 milestone Apr 30, 2018
@Findus23
Copy link
Member

Many thanks! 🎉

I'd go even a step further and document somewhere that the non-https tracking codes should be replaced.
Thankfully a lot of people are using https for Matomo (or the InnoCraft cloud), but have to track non-https sites.
So for most people all data is sent unencrypted and twice unnecessarily.

@diosmosis
Copy link
Member

LGTM, but 👍 to let users know in some way if they're using force_ssl and their tracking code is http://, that it needs to change. Maybe a new diagnostic and/or some kind of notification?

@diosmosis
Copy link
Member

Actually, one thing, can we add a test to TrackerCodeGeneratorTest for this case?

@Findus23
Copy link
Member

@diosmosis In addition the same issue is with people using //matomo.example/ URLs.

Do you have any idea on how to detect this (as depending on webserver config the HTTP request never reaches Matomo)?

@diosmosis
Copy link
Member

I was imagining a diagnostic that would request the site's page server side and look for the tracking code (as I believe GA does).

@Findus23
Copy link
Member

@diosmosis That sounds like a good idea (even though it may not work in some situations).

Maybe a server-based debugging tool is more successful than my browser-extension-based one.

@sgiehl
Copy link
Member Author

sgiehl commented Apr 30, 2018

+1 for adding some type of diagnostic for that. But maybe we should handle that in another issue/pr as I'm not sure if we can handle that before the release of 3.5.0

@diosmosis
Copy link
Member

I'll create an issue later today.

@tsteur
Copy link
Member

tsteur commented Apr 30, 2018

💯

@diosmosis
Copy link
Member

Created new issue here: #12801

@diosmosis diosmosis merged commit e43e6ff into 3.x-dev May 1, 2018
@diosmosis diosmosis deleted the trackingcodessl branch May 1, 2018 02:18
InfinityVoid pushed a commit to InfinityVoid/matomo that referenced this pull request Oct 11, 2018
…rg#12799)

* Use https protocol in tracking code if force_ssl is enabled

* Add tracking code generator test for force_ssl = 1.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Needs Review PRs that need a code review not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Tracking code could use HTTPS when the Piwik server is configured to force SSL connections
4 participants