followup to #13193 and reported on the forum:
assume_secure_protocol=1 is already set, Matomo shouldn't complain to setup SSL.
I am seeing the same bug. Is there a timeline for a fix?
Two years later I was again thinking about this and I'm not 100% sure if the current status isn't correct. If I am not mistaken
force_ssl=1 tells Matomo that it is set up via HTTPS and it therefore should use only HTTPS URLs, secure cookies, etc.
assume_secure_protocol=1 alone does not force that, which means that if you use Matomo behind a reverse proxy that adds SSL, you still need to add
force_ssl=1 to get secure cookies (as the system check reminds)
There is even a function in Matomo that checks this case:
Of course one could argue that
assume_secure_protocol=1 should always automatically set
force_ssl=1, but I am also not sure about that as that would make the meaning of
In case I am wrong, changing the check is simply a matter of modifying this: