@mtandersson opened this Issue on November 20th 2014

When Piwik is running behind a proxy that terminates SSL (in my case CloudFront (terminates SSL) -> ELB -> instance), I get the following error when trying to load the real time map:

[blocked] The page at 'https://<removed>/piwik/index.php?module=CoreHome&action=index&i…serCountryMap&action=realtimeWorldMap&idSite=1&period=range&date=previous7' was loaded over HTTPS, but ran insecure content from 'http://<removed>/piwik/plugins/UserCountryMap/svg/world.svg': this content should also be loaded over HTTPS.
 index.php?module=CoreHome&action=index&idSite=1&period=range&date=previous7:1

It works if I run the following setup:

cloudfront (terminates ssl) -> instance

So I am guessing that it is the extra layer of proxy/lb that triggers the error. I am using 2.9.

@mattab commented on December 1st 2014 Owner

Hi @mtandersson thanks for the report

@mattab commented on April 8th 2015 Owner

Let's investigate this issue as part of the broader set of bugs in #6880 -> our goal will be to make Piwik work perfectly in this special use case which many users have reported issues with.

@tsteur commented on July 13th 2015 Owner

This might be easier to fix than all the other referenced issues in #6880 just FYI. So not sure if it is worth waiting

@simpleuser99 commented on July 27th 2015

@tsteur When will we have a resolution for this issue?

@tsteur commented on July 27th 2015 Owner

It's not scheduled so it may take a couple of months. @mattab as it might be easier to fix than the others and as it is a bug that makes it impossible to use with HTTPS (maybe even a regression), maybe it is worth to schedule it a bit earlier but not sure.

@tsteur commented on August 12th 2015 Owner

@mtandersson can you let us know the content of PHP $_SERVER? We kinda need it in order to fix this issue.

To get it, can you create a file like test.php in your Piwik directory and paste

<?php

var_export($_SERVER);

Afterwards you can open this file by opening the URL https://yourdomain/test.php in the browser. Please remove this file again afterwards.

@simpleuser99 commented on October 16th 2015

Hello! Please tell me when the problem with the real map will be resolved. I have a similar problem, https://github.com/piwik/piwik/issues/8239, and I want to know about this.

@tsteur commented on October 27th 2015 Owner

@simpleuser99 to solve this issue we need your help, see the comment above. Would be nice if you could send us the output of that test.php.

@simpleuser99 commented on October 28th 2015

@tsteur commented on October 28th 2015 Owner

@simpleuser99 do you mind adding this line https://github.com/piwik/piwik/pull/9099/files#diff-a1ef1fb37277203311f5eed60b826653R119 to core/IP.php and see if it changes something for you?

If not, do you mind copy/pasting the actual content of this into this issue? Feel free to anonymize the parts you blacked out. To test it, we need the IP information though that you also blacked out. Here's an idea: Say there is an IP please replace all occurrences of the same IP with any random IP say 111.111.111.111. If there's another IP replace all occurrences with another IP say 111.111.111.112. This will be needed for us to reproduce it.

@simpleuser99 commented on October 29th 2015

@tsteur I added line 119 (return '';) to my core/IP.php, but I don't see any changes in the Piwik web interface.
I attached a new test.php screenshot according to your request.

I remind you, my problem is https://github.com/piwik/piwik/issues/8239

@tsteur commented on November 1st 2015 Owner

Thx! I reckon we could check for the $_SERVER['HTTP_UPGRADE_INSECURE_REQUESTS'] = 1 and maybe assume it is HTTPS. (see eg http://stackoverflow.com/questions/31950470/what-is-the-upgrade-insecure-requests-http-header and http://www.w3.org/TR/upgrade-insecure-requests/ and http://www.w3.org/TR/upgrade-insecure-requests/#examples ) but from what I understand it doesn't necessarily mean HTTPS is actually used. The HTTP_X_FORWARDED_PROTO entry is missing here. Not sure if it is a server side misconfiguration on the load balancer or so (it seems like HTTPS is terminated on the load balancer). Not finding too much information re HTTP_UPGRADE_INSECURE_REQUESTS.

@tsteur commented on November 2nd 2015 Owner

We were just talking about detecting a misconfigured system (Piwik server side says HTTPS is not used but JavaScript detects HTTPS) and then letting a user know how to fix it (assume_secure_protocol=1).

As we can't fix all the cases this might be the way to go

@mattab commented on November 2nd 2015 Owner

> We were just talking about detecting a misconfigured system (Piwik server side says HTTPS is not used but JavaScript detects HTTPS) and then letting a user know how to fix it

Created issue: When the page is loaded over HTTPS but Piwik thinks it is loaded over HTTP, explain in a notification how to solve issue #9145

@mattab commented on November 2nd 2015 Owner

> I reckon we could check for the $_SERVER['HTTP_UPGRADE_INSECURE_REQUESTS'] = 1 and maybe assume it is HTTPS.

We just tested and found that Chrome seems to always set 'HTTP_UPGRADE_INSECURE_REQUESTS' => '1' in requests, even on HTTP, so we cannot use this request header flag.

@mattab commented on November 2nd 2015 Owner

This issue will be fixed with the new notification in #9145 explaining to users the "workaround". After internal discussions we couldn't find a better way to solve this issue.

@tsteur commented on November 16th 2015 Owner

I will close this one as we have #9145 for it (and a PR is already issued for it)

This Issue was closed on November 16th 2015
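
Added example (not Piwik's code and not written by anyone in the thread): a sketch of the scheme-detection logic the discussion converges on, showing why a missing X-Forwarded-Proto yields "http" behind a TLS-terminating load balancer, why Upgrade-Insecure-Requests is ignored, and how an explicit override such as assume_secure_protocol=1 resolves it. The function name `detectScheme`, the `$trustedProxies` list and the sample `$_SERVER` arrays are assumptions made for illustration.

```php
<?php
// Added example, not Piwik code: detectScheme() and $trustedProxies are hypothetical.

function detectScheme(array $server, array $trustedProxies, bool $assumeSecure = false): string
{
    // Operator override: the role assume_secure_protocol=1 plays in the thread.
    if ($assumeSecure) {
        return 'https';
    }
    // TLS terminated on this host itself.
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return 'https';
    }
    // Honour X-Forwarded-Proto only when the direct peer is a known proxy;
    // from any other peer the header is client-controlled input.
    $peer  = $server['REMOTE_ADDR'] ?? '';
    $proto = strtolower(trim((string) ($server['HTTP_X_FORWARDED_PROTO'] ?? '')));
    if ($proto === 'https' && in_array($peer, $trustedProxies, true)) {
        return 'https';
    }
    // HTTP_UPGRADE_INSECURE_REQUESTS is deliberately not consulted: the thread
    // found that Chrome sends it on plain HTTP requests as well.
    return 'http';
}

// Constructed $_SERVER samples (documentation-range addresses, RFC 5737).
$trusted = ['192.0.2.10'];
$samples = [
    'LB, no proto header' => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_UPGRADE_INSECURE_REQUESTS' => '1'],
    'LB forwards proto'   => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'header from client'  => ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'direct TLS'          => ['REMOTE_ADDR' => '203.0.113.7', 'HTTPS' => 'on'],
];

foreach ($samples as $label => $server) {
    printf(
        "%-20s detected=%-5s with override=%s\n",
        $label,
        detectScheme($server, $trusted),
        detectScheme($server, $trusted, true)
    );
}
```

The first sample corresponds to the case reported here: without a forwarded-protocol header the server has nothing trustworthy to go on, so only the explicit override produces "https".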