New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
create-security-files should allow access to files that are needed by plugins to be publically accessible #19613
Comments
@Hiradur, thanks for reporting this. The Could you please confirm that the |
There is no I'm wondering now if skipping the installation facilites provided by matomo for plugins like this could cause any other problems. We have chosen this approach to prevent potential problems with our SELinux configuration. |
Hi @Hiradur, thanks for the update. Each individual plugin has an install function that will perform various actions to setup the plugin, this will be different depending on the plugin, so skipping the install function might not cause any problems with one plugin, but cause issues with another. To be sure that the plugin is properly set up the install function needs to be run. If a plugin is activated when it isn't listed as installed in the This might not help for .htaccess files if SELinux is preventing file creation, but would at least cover things like setting up initial values and database changes. For the missing It seems like you've figured out the issue, so I'll close this ticket 🙂 |
Thank you very much for the detailed answer. These plugins recently received an update and I'd like to know whether running a plugin's install function is necessary after plugin updates as well. |
Hi @Hiradur, It's possible that a plugin update might need the install function run again if there was a major change to the database tables, but in most cases this wouldn't be needed. Deactivating and then activating the plugin again will make sure the install function is run. If the updated plugin is working without any issues then it's probably not necessary to do this. |
Alright, thank you very much! |
Summary
On our server, we currently run Matomo version 4.11.0. Matomo updates are managed using Ansible. After every update,
./console core:create-security-files
is run. This has worked fine so far.Recently, we installed the
HeatmapSessionRecording
plugin. For this plugin, the system check reported thatplugins/HeatmapSessionRecording/configs.php
is inaccessible and a manual check in the browser indeed revealed a403
status code. Access to this file was blocked by the.htaccess
file that was created by./console core:create-security-files
in theplugins
directory. Even after installing theHeatmapSessionRecording
plugin, activating it, and re-running./console core:create-security-files
, access toplugins/HeatmapSessionRecording/configs.php
was still blocked. Deletingplugins/.htaccess
allowed access in our case but is not an optimal solution.It would be nice if
core:create-security-files
would create an.htaccess
file in theplugins
directory that would allow access to files that are needed to be publically accessible by plugins.Perhaps there could be some facility for Matomo plugins to report which files they need to be publically accessible and
core:create-security-files
would generate the.htaccess
file in theplugins
directory accordingly.Your Environment
The text was updated successfully, but these errors were encountered: