@Findus23 opened this Issue on October 24th 2020 Member

At the moment Matomo only shows the following error:

Fehler : Sicherheitschecks fehlgeschlagen. Bitte laden Sie das Formular erneut und prüfen Sie, ob Ihr Browser Cookies zulässt. Wenn Sie einen Proxy Server verwenden, müssen Sie Matomo so einrichten, dass es Proxy Header akzeptiert.

https://github.com/matomo-org/matomo/blob/da456513866ea0e276c51b046af5139244968a23/plugins/Login/lang/en.json#L8

But when the user has Cookies enabled (which is pretty likely) and is sure that they don't use a reverse proxy (shouldn't it say reverse proxy instead of proxy in the message?), there is no way for them to troubleshoot this issue further, and they will most likely just give up on using Matomo.

Maybe all checks that could fail in verifyNonce() and isLocalUrl() should be logged or even help display a more helpful error message.

https://github.com/matomo-org/matomo/blob/679e73f1236969db0c2d767655cb84456a727d24/core/Nonce.php#L70
https://github.com/matomo-org/matomo/blob/06d43857c48ada2fa7f1ad18a8309e8826c0e413/core/Url.php#L547

@Starker3 commented on October 29th 2020

Same error message occurs with the following in the console:
Cookie "MATOMO_SESSID" has been rejected because there is an existing "secure" cookie.

This error occurs when connecting to Matomo over http after previously connecting over https. It could be useful to add additional text to the default error message along the following lines:
If you previously connected using https, please ensure you are connecting over a secure (SSL/TLS) connection and try again
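
One way to record which check failed, as the issue and the comment above suggest, while the user still sees a generic message. This is an added example in PHP, not Matomo's Nonce.php or Url.php; the function name, reason codes, trusted-host list and sample requests are assumptions made for illustration.

```php
<?php
// Added illustration, not Matomo's Nonce.php/Url.php. All names are hypothetical.

/** Returns null if the form request passes, else a code for the first failed check. */
function nonceFailureReason(array $server, array $cookies, ?string $storedNonce,
                            string $submittedNonce, array $trustedHosts): ?string
{
    $isHttps = !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';

    // No session cookie: cookies are disabled, or the browser refused to let a
    // plain-HTTP response replace an existing "secure" cookie.
    if (!isset($cookies['MATOMO_SESSID'])) {
        return $isHttps ? 'session_cookie_missing' : 'session_cookie_missing_over_http';
    }
    if ($storedNonce === null) {
        return 'no_nonce_in_session';
    }
    // Constant-time comparison of the stored and submitted nonce.
    if (!hash_equals($storedNonce, $submittedNonce)) {
        return 'nonce_mismatch';
    }
    // A Referer, when sent, must name a host this installation trusts.
    $referer = $server['HTTP_REFERER'] ?? '';
    if ($referer !== '') {
        $host = parse_url($referer, PHP_URL_HOST);
        if (!is_string($host) || !in_array(strtolower($host), $trustedHosts, true)) {
            return 'referer_host_not_trusted';
        }
    }
    return null;
}

// Constructed sample requests (not real traffic): server vars, cookies, stored, sent.
$trusted = ['analytics.example.org'];
$samples = [
    'http after https' => [['HTTPS' => 'off'], [], null, 'abc'],
    'unlisted host'    => [['HTTPS' => 'on', 'HTTP_REFERER' => 'https://stats.example.net/'],
                           ['MATOMO_SESSID' => 's1'], 'abc', 'abc'],
    'valid'            => [['HTTPS' => 'on', 'HTTP_REFERER' => 'https://analytics.example.org/'],
                           ['MATOMO_SESSID' => 's1'], 'abc', 'abc'],
];
foreach ($samples as $label => [$server, $cookies, $stored, $sent]) {
    $reason = nonceFailureReason($server, $cookies, $stored, $sent, $trusted);
    // Log the precise reason server-side; the user-facing message can stay generic.
    error_log(sprintf('nonce check [%s]: %s', $label, $reason ?? 'ok'));
}
```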
