@mattab opened this Issue on February 17th 2014 Member

Follow up from #4001

Regarding the Overlay report:

In case the Overlay report website does not load over HTTPS, could we default to HTTP for overlay report?

Overlay opens in a new window, so we could:

  • open that new window over HTTP if we know the website is not https
  • redirect from https to http if the overlay didn't load over https


  • Test if this would work at all
  • deal with the auth cookie set which is set with "secure" flag right now.
  • Only do this when Piwik is not loaded over https
@gruberro commented on July 25th 2014


@dazorni commented on July 25th 2014


@CanuckNick commented on January 14th 2015

We're running into this same issue right now. We use force_ssl in our Piwik configuration but most of our 200 web sites do not support SSL. This is a very cool feature that would be nice to have working but I understand the technical hurdles. I would be fine with switching to regular HTTP when applicable for the Overlay report.

I'm not sure if this would work, but could you possibly pass the users auth token to the HTTP instance to allow the report to run and to avoid issues with the secure cookie? That's just off the top of my head, I haven't done any research on potential issues.

@mattab commented on February 19th 2015 Member

in #7067 this issue was described as a "Hack" so I will close it as "wontfix" and we can discuss a proper solution in #7067 - please comment there to be notified of updates

This Issue was closed on February 19th 2015
Powered by GitHub Issue Mirror