New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
logo-header.png has absolute path ssl https custom logo branding piwik security warning #2617
Comments
I believe this was fixed in trunk. Can you please test the nightly QA build and confirm it is then working? http://qa.piwik.org:8080/nightly/ thanks |
Hm. I installed the nightly build piwik-svn-r50899. Piwik reports it as 1.5.2. "#logo a img" on both pages (login and "normal" page) use absolute paths. |
after you upload a new logo does it work fine? |
Even when I use a custom logo, it's the same. The path is absolute and starts with a "http://" |
can you give the URL of the page you are on, and the full IMG tag found in the source code of the page? i'm asking because reading the code i don't see how the bug couldnt be fixed on trunk. |
on index.php (login page, using default logo):
on index.php (login page, using custom logo):
on index.php?module=MultiSites&action=index&idSite=1&period=range&date=last30 (dashboard, using default logo)
on index.php?module=MultiSites&action=index&idSite=1&period=range&date=last30 (dashboard, using custom logo)
Also checked if the proxy rewriting something, it's not. Even when acessing the site via plain http I see an absolute url with protocol. |
The absolute URLs are required for email HTML reports. For your use case, you should be setting: assume_secure_protocol=1 in config/config.ini.php, e.g.,
|
That fixed it, thanks! But maybe you could add an FAQ entry or something inside the README, so that others can find a solution faster :-) |
I installed piwik on an apache server. The page is delivered via http from PHPs "point of view".
Later, the connection is via https. I get a security warning in the browser because the logo-header.png file is still delivered via http protocol. Seems to me as if PHP tries to figure out the "absolute" path (+protocol) for that file.
Can this be changed to a relative one like all the other images, so that this warning will go away?
The text was updated successfully, but these errors were encountered: