@Findus23 opened this Issue on March 12th 2019 Member

I just noticed that the Web Cron Docs recommends accessing this URL (I just updated it to include https)

Sending the admin token via GET isn't ideal, but it seems to be hardcoded:


Would it be possible to update the script to support POST (and mention it in the docs) or maybe even recommend people to directly call CoreAdminHome.runCronArchiving?

@simivar commented on March 29th 2019 Contributor

I see that archive.php script is deprecated while running from CLI and user is redirected to core:archive. What do you think about adding some DEPRECATED message in HTTP-mode while we are at it?

@mattab commented on July 26th 2021 Member

Added little mention in https://matomo.org/docs/setup-auto-archiving/

For security, if possible we recommend you POST the token_auth parameter to the URL https://matomo.your-server.example/path/to/matomo/misc/cron/archive.php (instead of sending the token_auth as a GET parameter)

This Issue was closed on June 25th 2021
Powered by GitHub Issue Mirror