Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow opt-out to be shown within an iframe on other domains #6132

Closed
wants to merge 1 commit into from
Closed

Allow opt-out to be shown within an iframe on other domains #6132

wants to merge 1 commit into from

Conversation

Guite
Copy link

@Guite Guite commented Sep 5, 2014

In Piwik 2.6.1 the opt-out iframes are not shown anymore, because the X-Frame-Options setting blocks them at least when they are included within another domain.
This PR fixes this problem.

@mattab mattab added the Bug For errors / faults / flaws / inconsistencies etc. label Sep 8, 2014
@mattab mattab modified the milestones: Piwik 2.7.0, Piwik 2.8.0 Sep 8, 2014
@mattab mattab closed this in 25545fd Sep 10, 2014
@mattab
Copy link
Member

mattab commented Sep 10, 2014

Thanks for the Pull request!

@thmarx
Copy link

thmarx commented Sep 10, 2014

You made my day!

@mattab mattab mentioned this pull request Sep 16, 2014
Closed
@florianjacob
Copy link
Contributor

I have this problem again, using piwik 2.12.1 and firefox 37.0.1. Checked headers with curl -I and it seems like X-Frame-Options is empty for the iframe url, while being set to sameorigin for other urls. Just tried with oxfam.de, same result:

$ curl -I "https://www.oxfam.de/piwik/index.php?module=CoreAdminHome&action=optOut&language=de"
Date: Wed, 15 Apr 2015 21:47:00 GMT
Server: Apache
Cache-Control: no-storPragma: 
Expires:e, must-revalidate
X-Frame-Options: 
[..]
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=utf-8

$ curl -I "https://www.oxfam.de/piwik/index.php"
HTTP/1.1 200 OK
Date: Wed, 15 Apr 2015 21:48:46 GMT
Server: Apache
Cache-Control: no-store, must-revalidate
X-Frame-Options: sameorigin
[..]
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=utf-8

@mattab
Copy link
Member

mattab commented Apr 16, 2015

Hi @florianjacob could you create a new issue for your problem? (this PR is closed)

@florianjacob
Copy link
Contributor

Excuse me, I wasn't sure wether a new issue would have been appropriate. Opened #7689.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Bug For errors / faults / flaws / inconsistencies etc.
Projects
None yet
Milestone
2.8.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@Guite @mattab @thmarx @florianjacob