In some environments, a fixup is applied to HTTP_HOST such that it doesn't match the host in SCRIPT_URI. Example:
$_SERVER['HTTP_HOST']
contains 'www.example.com' $_SERVER['REQUEST_URI']
contains 'http://example.com/piwik'This causes isLocalUrl() and ultimately, the Nonce verification on the Referer to fail.
(In [4750]) fixes #2444
(In [4754]) refs #2444 - relax isLocalReferer() test so that it's comparable to the Origin: test
(In [4756]) refs #2444
(In [4757]) refs #2444
(In [4758]) refs #2444
(In [4760]) refs #2444 - re-enable unit test