logo-header.png has absolute path ssl https custom logo branding piwik security warning #2617

Closed
anonymous-matomo-user opened this issue Aug 8, 2011 · 8 comments
Labels
Bug For errors / faults / flaws / inconsistencies etc. worksforme The issue cannot be reproduced and things work as intended.

@anonymous-matomo-user

I installed piwik on an apache server. The page is delivered via http from PHP's "point of view".

Later, the connection is via https. I get a security warning in the browser because the logo-header.png file is still delivered via http protocol. Seems to me as if PHP tries to figure out the "absolute" path (+protocol) for that file.

Can this be changed to a relative one like all the other images, so that this warning will go away?

@mattab
Member

mattab commented Aug 10, 2011

I believe this was fixed in trunk. Can you please test the nightly QA build and confirm it is then working? http://qa.piwik.org:8080/nightly/ thanks

@anonymous-matomo-user
Author

Hm.

I installed the nightly build piwik-svn-r50899. Piwik reports it as 1.5.2.

"#logo a img" on both pages (login and "normal" page) use absolute paths.

@mattab
Member

mattab commented Aug 10, 2011

After you upload a new logo, does it work fine?

@anonymous-matomo-user
Author

Even when I use a custom logo, it's the same.

The path is absolute and starts with "http://".

@mattab
Member

mattab commented Aug 10, 2011

Can you give the URL of the page you are on, and the full IMG tag found in the source code of the page?

I'm asking because, reading the code, I don't see how the bug couldn't be fixed on trunk.

@anonymous-matomo-user
Author

on index.php (login page, using default logo):

```html
<div id="logo">
<a href="http://piwik.org" title="Open Source Analytics">
<img src='http://piwik.******.de/themes/default/images/logo.png' title="Open Source Analytics" width='200' style='margin-right:20px'>
<div class="description"># Open Source Analytics</div>
</a>
</div>
```

on index.php (login page, using custom logo):

```html
<div id="logo">
<img src='http://piwik.******.de/themes/logo.png' title="Open Source Analytics" width='200' style='margin-right:20px'>
</div>
```

on index.php?module=MultiSites&action=index&idSite=1&period=range&date=last30 (dashboard, using default logo)

```html
<span id="logo">
<a href="index.php" title="Piwik # Quelloffene Webanalytik" style="text-decoration: none;">
<img src='http://piwik.******.de/themes/default/images/logo-header.png' alt="Piwik" style='margin-left:10px' height='50px'/>
</a>
</span>
```

on index.php?module=MultiSites&action=index&idSite=1&period=range&date=last30 (dashboard, using custom logo)

```html
<span id="logo">
<a href="index.php" title="Powered by Piwik # Quelloffene Webanalytik" style="text-decoration: none;">
<img src='http://piwik.******.de/themes/logo-header.png' alt="Powered by Piwik" style='margin-left:10px' height='50px'/>
</a>
</span>
```

Also checked if the proxy is rewriting something; it's not. Even when accessing the site via plain http I see an absolute URL with protocol.

@robocoder
Contributor

The absolute URLs are required for email HTML reports.

For your use case, you should be setting: assume_secure_protocol=1 in config/config.ini.php, e.g.,

```ini
[General]
assume_secure_protocol=1
```

@anonymous-matomo-user
Author

That fixed it, thanks!

But maybe you could add an FAQ entry or something inside the README, so that others can find a solution faster :-)

This issue was closed.
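
A check for the symptom reported in this thread, as an added example that is not Piwik code and not part of the original comments: it resolves each image, media, script and iframe URL against the page URL and reports those that end up on `http://` while the page is `https://`. The function name, the tag table and the host `piwik.example.test` are assumptions made for illustration.

```javascript
// Added example: list subresources that an HTTPS page would fetch over plain HTTP.
// Elements whose URL attribute triggers a fetch. <a href> is navigation, so it is
// deliberately absent: an http:// link target is not mixed content.
const FETCHING_TAGS = new Map([
  ["img", { attr: "src", kind: "passive" }],
  ["audio", { attr: "src", kind: "passive" }],
  ["video", { attr: "src", kind: "passive" }],
  ["script", { attr: "src", kind: "active" }],
  ["iframe", { attr: "src", kind: "active" }],
]);

function findMixedContent(pageUrl, html) {
  const page = new URL(pageUrl);
  if (page.protocol !== "https:") return []; // only HTTPS pages can have mixed content
  const findings = [];
  // Simplified tag scan (assumes no ">" inside attribute values); enough for an audit script.
  const tagRe = /<([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const rule = FETCHING_TAGS.get(tag);
    if (!rule) continue;
    const attrRe = new RegExp(
      "(?:^|\\s)" + rule.attr + "\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)'|([^\\s>]+))", "i");
    const a = attrRe.exec(m[2]);
    if (!a) continue;
    const raw = a[1] ?? a[2] ?? a[3];
    let resolved;
    try { resolved = new URL(raw, page); } catch { continue; }
    // Relative and protocol-relative URLs inherit https: and are not reported.
    if (resolved.protocol === "http:") {
      findings.push({ tag, kind: rule.kind, url: resolved.href });
    }
  }
  return findings;
}

// Constructed sample modelled on the markup quoted in the thread; the host is a placeholder.
const SAMPLE_HTML = `
<div id="logo"><a href="http://piwik.org" title="Open Source Analytics">
<img src='http://piwik.example.test/themes/default/images/logo.png' width='200'>
</a></div>
<span id="logo"><a href="index.php">
<img src='themes/logo-header.png' alt="Piwik" height='50px'/>
</a></span>`;

console.log(findMixedContent("https://piwik.example.test/index.php", SAMPLE_HTML));
```

Running it against the rendered login and dashboard pages before and after the config change shows whether any logo URL is still emitted with `http://`.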