Labels: Bug (for errors / faults / flaws / inconsistencies etc.), Major (indicates the severity or impact or benefit of an issue is much higher than normal but not critical), wontfix (if you can reproduce this issue, please reopen the issue or create a new one describing it).
After upgrading from a really old Piwik installation (0.5.x), I cannot log in anymore.
The problem boils down to the referrer check during nonce validation.
URL::getLocalReferer() calls URL::isLocalUrl() with the current referer.
Eventually, the referer is compared against $_SERVER['HTTP_HOST'] from URL::getCurrentHost().
In my case, $_SERVER['HTTP_HOST'] is the name of the internal server name which is not known outside, while the referer contains the public, "official" domain name.
There should be an option to specify the default public url used for referer checking, or just use the first url of the urls already provided for a website.
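
The mismatch described in the report, as an added example that is not part of the original issue and is not Piwik's code: a referer check against `$_SERVER['HTTP_HOST']` beside one against an operator-configured list of public hosts. The function names, the host names and the `$publicHosts` list are assumptions made for illustration.

```php
<?php
// Added example, not Piwik code. All function names and hosts are hypothetical.

/** Lower-cased host part of a URL, or null if it is missing or unparsable. */
function refererHost(?string $referer): ?string
{
    if ($referer === null || $referer === '') {
        return null;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) ? strtolower($host) : null;
}

/** The check as the report describes it: the referer host must equal HTTP_HOST. */
function isLocalByHttpHost(?string $referer, array $server): bool
{
    $current = strtolower($server['HTTP_HOST'] ?? '');
    // Drop a port suffix such as ":8080" before comparing.
    $current = preg_replace('/:\d+$/', '', $current);
    return $current !== '' && refererHost($referer) === $current;
}

/** Alternative: compare against a configured list of public host names. */
function isLocalByConfiguredHosts(?string $referer, array $publicHosts): bool
{
    $host = refererHost($referer);
    if ($host === null) {
        return false; // a missing or unparsable referer fails closed
    }
    // Exact match only: a look-alike host that merely starts with a
    // configured name must not be treated as local.
    return in_array($host, array_map('strtolower', $publicHosts), true);
}

// Constructed request: the web server sees an internal host name while the
// browser (and therefore the Referer header) uses the public one.
$server  = ['HTTP_HOST' => 'piwik-backend.internal'];
$referer = 'https://stats.example.org/index.php?module=Login';
$public  = ['stats.example.org'];

// Case 1: HTTP_HOST comparison with the internal name.
var_dump(isLocalByHttpHost($referer, $server));
// Case 2: same referer checked against the configured public host.
var_dump(isLocalByConfiguredHosts($referer, $public));
// Case 3: look-alike host that only shares a prefix with the public host.
var_dump(isLocalByConfiguredHosts('https://stats.example.org.other.test/', $public));
```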