If you are using Piwik in a HTTPS installation and include some pages that are only via HTTP available, you see in the page overlay mode an error by loading.
In this case a website is hosted as a webpackage and the provider does not support HTTPS for the sites. But if you load the site by entering a https:// before the URI, the server responses with a wrong certificate which is not signed for this domain. I entered the site URI without https:// in the Piwik-config, but Piwik tries to load the overlay via https anyway.
I guess that this is an issue in Piwik. This could by solved by using the given site URI in the config or if there is an option for each site in the config, where you can disable a HTTPS support for this site.
I don't want to disable the SSL for my hosted Piwik, to use the site overlay for non SSL sites.
Best Regards and much thanks for this open source project!
Thx for the report.
I understand #4700 would not be a solution for you which I totally reasonable.
Hi thx for reply! This is not really a solution, it is more like a "get it working"-hack. I don't want so serve Piwik itself via HTTP, because of data privacy/protection.
A real solution to this problem could be a checkbox in the SiteManager for each site which is called "force http" or something like that. Or it depends on the entered URI, so if it starts with https://, then use HTTPS as default for the overlay stuff. Otherwise just http://.
A fallback is nice, but should not be default. Because sometime you got an response from a server that provides SSL but nor for this domain. So how to you want to process all this possible states. It is -in my opinion- easier to set this aware for each site.
Totally agree with this. It is a hack and not really acceptable for most people.
Mixed Content: The page at /index.php?module=Overlay&period=month&date=today&idSite=10#l=http$3A$2F$2Florem.de$2F' was loaded over HTTPS, but requested an insecure resource 'http://lorem.de/'. This request has been blocked; the content must be served over HTTPS.
A solution would be to extend the Controller with a proxy functionality. So that not the browser tries load the Frame-Data, but the server with the piwik installation itself. Otherwise there is not possibility to view HTTP in a HTTPS context.
I actually am not sure whether this would work at all or whether there is a solution for this issue? Maybe google analytics has solved this since they use HTTPS for their web UI yet and I guess their overlay also work on HTTP pages.
I didn't have a detailed look but I think we can make this work.
@tsteur do you think it could be done in a few hours? if so, I would be keen to add to next milestones as it's recurrent issue and again yesterday was confronted with this bug by a user in the office.
Hard to tell. I currently haven't configured my Piwik for HTTPS so I'm not sure where it fails or what the problem is
Adding my vote for this. I have some users that are also looking to use this feature but since we run our Piwik interface under SSL and not all of our sites support SSL it doesn't work. I would be willing to test any code as a solution to this.
Hi there, is there something new?
Any updates on this? This is still a problem in February of 2016 with 2.15.0
Even in the newest version 2.16.0 it's not solved yet, any perspectives?