Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nonce::verifyNonce() returning FALSE when it should not #16057

Closed
luismsgomes opened this issue Jun 11, 2020 · 1 comment
Closed

Nonce::verifyNonce() returning FALSE when it should not #16057

luismsgomes opened this issue Jun 11, 2020 · 1 comment
Labels
Bug For errors / faults / flaws / inconsistencies etc.
Milestone
3.14.0

Comments

@luismsgomes
Copy link
Contributor

Configuration seems OK to me.

Debugging Nonce::verifyNonce() I noticed:

  1. self::getOrigin(); returns 'https://somedomain.org:443'
  2. self::getAcceptableOrigins() returns array('http://somedomain.org', 'https://somedomain.org')

Thus, the returned origin is not found in the acceptable origins array.

Note the missing ports in the acceptable origins.

Matomo version 3.13.6.
luismsgomes added a commit to luismsgomes/matomo that referenced this issue Jun 11, 2020
@luismsgomes
Fixes matomo-org#16057
f37a377
@luismsgomes luismsgomes mentioned this issue Jun 11, 2020
Merged
@tsteur tsteur added the Bug For errors / faults / flaws / inconsistencies etc. label Jun 11, 2020
tsteur pushed a commit that referenced this issue Jun 24, 2020
@luismsgomes
Fixes #16057 (#16058)
c8297e7 
* Fixes #16057

* Don't return HTTP URLs is force_ssl is true.
@tsteur tsteur added this to the 3.13.7 milestone Jun 24, 2020
@tsteur tsteur closed this as completed Jun 24, 2020
jonasgrilleres pushed a commit to 1024pix/pix-analytics that referenced this issue Sep 22, 2020
@luismsgomes @jonasgrilleres
Fixes matomo-org#16057 (matomo-org#16058)
5479ae2 
* Fixes matomo-org#16057

* Don't return HTTP URLs is force_ssl is true.
jbuget pushed a commit to 1024pix/pix-analytics that referenced this issue Sep 26, 2020
@luismsgomes @jbuget
Fixes matomo-org#16057 (matomo-org#16058)
bda6efe 
* Fixes matomo-org#16057

* Don't return HTTP URLs is force_ssl is true.
@MatomoForumNotifications
Copy link

This issue has been mentioned on Matomo forums. There might be relevant details there:

https://forum.matomo.org/t/cannot-update-from-matomo-4-13-1-to-4-13-3/49515/5

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug For errors / faults / flaws / inconsistencies etc.
Projects
None yet
Milestone
3.14.0
Development

No branches or pull requests
3 participants
@tsteur @luismsgomes @MatomoForumNotifications