Adds system check for forced SSL connection #13193
Conversation
sgiehl
added
not-in-changelog
lang/en.json
Outdated
| @@ -211,6 +211,8 @@ | |||
| "FileIntegrityWarningReuploadBis": "Try to reupload all the Matomo files in BINARY mode.", | |||
| "First": "First", | |||
| "Flatten": "Flatten", | |||
| "ForcedSSL": "Forced SSL Connection", | |||
| "ForceSSLRecommended": "We recommend using Matomo over secure SSL connections only. To disallow unsecure access over http add `force_ssl = 1` to `General` section in Matomo config.", | |||
There was a problem hiding this comment.
Think force_ssl = 1 and General don't need to be translated correct? And are the backticks supposed to be there or should there be <code> elements (inserted via placeholder)?
There was a problem hiding this comment.
Would change "disallow unsecure" to "prevent insecure", otherwise sounds good to me.
|
|
||
| $comment = $this->translator->translate('General_ForceSSLRecommended'); | ||
|
|
||
| return array(DiagnosticResult::singleResult($label, DiagnosticResult::STATUS_WARNING, $comment)); |
There was a problem hiding this comment.
Also, should this check run if matomo isn't currently on https? If it isn't and a user adds force_ssl = 1, they may be confused why it doesn't work.
There was a problem hiding this comment.
It should be checked and warned about! But with another text indicating the fact that a certificate need to be deployed first (with a link to eff's org maybe?).
There was a problem hiding this comment.
I've added an additional sentence in that case:
Attention: Doing this without having set up an SSL certificate for using HTTPS will break Matomo.
* Adds system check for forced SSL connection * review adjustments * update screenshots * update screenshot
Maybe the message shown if force_ssl is disabled can be further improved...
fixes #7279