New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds system check for forced SSL connection #13193
Conversation
lang/en.json
Outdated
@@ -211,6 +211,8 @@ | |||
"FileIntegrityWarningReuploadBis": "Try to reupload all the Matomo files in BINARY mode.", | |||
"First": "First", | |||
"Flatten": "Flatten", | |||
"ForcedSSL": "Forced SSL Connection", | |||
"ForceSSLRecommended": "We recommend using Matomo over secure SSL connections only. To disallow unsecure access over http add `force_ssl = 1` to `General` section in Matomo config.", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Think force_ssl = 1
and General
don't need to be translated correct? And are the backticks supposed to be there or should there be <code>
elements (inserted via placeholder)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would change "disallow unsecure" to "prevent insecure", otherwise sounds good to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed.
|
||
$comment = $this->translator->translate('General_ForceSSLRecommended'); | ||
|
||
return array(DiagnosticResult::singleResult($label, DiagnosticResult::STATUS_WARNING, $comment)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, should this check run if matomo isn't currently on https
? If it isn't and a user adds force_ssl = 1
, they may be confused why it doesn't work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should be checked and warned about! But with another text indicating the fact that a certificate need to be deployed first (with a link to eff's org maybe?).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've added an additional sentence in that case:
Attention: Doing this without having set up an SSL certificate for using HTTPS will break Matomo.
* Adds system check for forced SSL connection * review adjustments * update screenshots * update screenshot
Maybe the message shown if force_ssl is disabled can be further improved...
fixes #7279