accept inavlid ssl cert for development #15634
Conversation
|
Guess would make sense to add a default value to global.ini.php with a comment what it's good for. Lines 177 to 188 in 35467f5 |
|
Honestly I think this option should either only work when development mode is enabled or show a permanent, non-dismissable warning in Matomo (or at least the system check). |
|
Yeah agree - this should only work if Development module is active, and show a warning at system check - my goal with this first version on the pull request is to get the feedback. There are some problems with some development tools for some setups if you can not bypass invalid certs (local development mostly), but like said - it could be a security risk. |
sgiehl
added
the
Pull Request WIP
| @@ -96,8 +96,13 @@ public static function sendHttpRequest($aUrl, | |||
| // create output file | |||
| $file = self::ensureDestinationDirectoryExists($destinationPath); | |||
|
|
|||
| $acceptInvalidSslCertificate = false; | |||
| if (isset(Config::getInstance()->Development['accept_invalid_ssl'])) { | |||
There was a problem hiding this comment.
@mikkeschiren could you add a default value to the config/global.ini.php for accept_invalid_ssl? And also add Development::isEnabled() to the check?
There was a problem hiding this comment.
@mikkeschiren any chance you could check out my comment above and add the default value?
|
@mikkeschiren I'll close this PR for now as we haven't heard from you in a while but will be happy to reopen should you be keen to follow up on the other comments. Simply let us know and we'd be happy to review things again. |
A suggestion to except invalid ssl cert in curl request for development, I think it could help out people for some functionality.