New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Explicitly enable access to web cron script #266
Conversation
It shouldn't be publicly accessible by default as it could lead to potential DoS attack. |
Docs mention it: |
Ok, I see CronArchive checks token_auth. But the code says archive.* scripts are deprecated or not recommended. Maybe this use case should no longer be documented? |
I don't know, I'm just an user. So there is another front controller for web cron? By the way, one travis job failed, but it doesn't seem to be related to this issue. |
the archive.php is still used for webcron (the warning is not shown in the webcron). |
@mattab Only reason is that the |
yes please exclude it as it is not needed to access this file from HTTP |
@mattab Done. Not sure what's happening with tests though. |
Explicitly enable access to web cron script
The failures are un-related to your change, I tried to fix one here: 5e3a47a |
Yeah, as for [https://travis-ci.org/piwik/piwik/jobs/23912449] it seems that test failed one because of 2 microseconds difference in assertion, the other one might be travis issue |
Not sure if it helps, but recently Travis switched PHPUnit installation from PEAR to PHAR: travis-ci/travis-ci#2223 |
When somehow parent folder receives
.htaccess
file withDeny from all
rules.See issue [http://forum.piwik.org/read.php?2,109382]