@Findus23 opened this Issue on March 12th 2019 Member

I just noticed that the Web Cron Docs recommends accessing this URL (I just updated it to include https)
https://matomo.your-server.example/path/to/piwik/misc/cron/archive.php?token_auth=XYZ

Sending the admin token via GET isn't ideal, but it seems to be hardcoded:

https://github.com/matomo-org/matomo/blob/7edf461477aa2f732c3e1fda506d7a476d93b62d/misc/cron/archive.php#L60

Would it be possible to update the script to support POST (and mention it in the docs) or maybe even recommend people to directly call CoreAdminHome.runCronArchiving?

@simivar commented on March 29th 2019 Contributor

I see that the archive.php script is deprecated while running from the CLI and the user is redirected to core:archive. What do you think about adding some DEPRECATED message in HTTP mode while we are at it?

@mattab commented on July 26th 2021 Member

Added a little mention in https://matomo.org/docs/setup-auto-archiving/

For security, if possible we recommend you POST the token_auth parameter to the URL https://matomo.your-server.example/path/to/matomo/misc/cron/archive.php (instead of sending the token_auth as a GET parameter)
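
An added example, not part of the thread and not Matomo's own code: it builds the web-cron call with token_auth in the POST body, and scans access-log lines for requests that still carry the token in the query string. The function names, the combined log format and the sample log lines are assumptions constructed for illustration; the URL and the XYZ token are the placeholders used in the thread.

```python
import re
import urllib.parse
import urllib.request

# Placeholder URL from the thread; replace with the real Matomo host and path.
ARCHIVE_URL = "https://matomo.your-server.example/path/to/matomo/misc/cron/archive.php"

def build_archive_request(token_auth, url=ARCHIVE_URL):
    """Return a POST request with token_auth in the body, never in the URL."""
    if urllib.parse.urlsplit(url).scheme != "https":
        raise ValueError("refusing to send token_auth over a non-HTTPS URL")
    body = urllib.parse.urlencode({"token_auth": token_auth}).encode("ascii")
    return urllib.request.Request(url, data=body, method="POST")

# Request line of an access-log entry (assumed combined format): "METHOD target HTTP/x"
_REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
_TOKEN_VALUE = re.compile(r'(token_auth=)[^&\s"]+')

def find_logged_tokens(log_lines):
    """Return (line_number, redacted_line) for entries whose query string has token_auth."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = _REQUEST_LINE.search(line)
        if not match:
            continue
        query = urllib.parse.urlsplit(match.group("target")).query
        if urllib.parse.parse_qs(query).get("token_auth"):
            # Redact before reporting so the finding does not leak the token again.
            hits.append((number, _TOKEN_VALUE.sub(r"\1[REDACTED]", line)))
    return hits

# Constructed sample log lines: one GET with the token in the URL, one POST without.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Mar/2019:05:00:01 +0000] '
    '"GET /path/to/piwik/misc/cron/archive.php?token_auth=XYZ HTTP/1.1" 200 512',
    '203.0.113.5 - - [26/Jul/2021:05:00:01 +0000] '
    '"POST /path/to/matomo/misc/cron/archive.php HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    request = build_archive_request("XYZ")
    print(request.get_method(), request.full_url)
    for number, line in find_logged_tokens(SAMPLE_LOG):
        print(f"line {number}: {line}")
```

A token that shows up in such a scan has been written to the log in clear text and is worth regenerating.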

This Issue was closed on June 25th 2021