@mikkeschiren opened this Pull Request on February 28th 2020 First_time_contributor

A suggestion to except invalid ssl cert in curl request for development, I think it could help out people for some functionality.

@sgiehl commented on February 28th 2020 Member

Guess would make sense to add a default value to global.ini.php with a comment what it's good for.
See https://github.com/matomo-org/matomo/blob/35467f54cd3e1dae889d88ae4f80d4626f9127ed/config/global.ini.php#L177-L188

@Findus23 commented on February 28th 2020 Member

Honestly I think this option should either only work when development mode is enabled or show a permanent, non-dismissable warning in Matomo (or at least the system check).
Otherwise it would be far to easy to accidently undermine a huge part of the security.

@mikkeschiren commented on February 29th 2020

Yeah agree - this should only work if Development module is active, and show a warning at system check - my goal with this first version on the pull request is to get the feedback. There are some problems with some development tools for some setups if you can not bypass invalid certs (local development mostly), but like said - it could be a security risk.

Powered by GitHub Issue Mirror