@a5a351e7 opened this Issue on January 24th 2015

If you are using Piwik in a HTTPS installation and include some pages that are only via HTTP available, you see in the page overlay mode an error by loading.

In this case a website is hosted as a webpackage and the provider does not support HTTPS for the sites. But if you load the site by entering a https:// before the URI, the server responses with a wrong certificate which is not signed for this domain. I entered the site URI without https:// in the Piwik-config, but Piwik tries to load the overlay via https anyway.

I guess that this is an issue in Piwik. This could by solved by using the given site URI in the config or if there is an option for each site in the config, where you can disable a HTTPS support for this site.

I don't want to disable the SSL for my hosted Piwik, to use the site overlay for non SSL sites.

Best Regards and much thanks for this open source project!

@tsteur commented on January 25th 2015 Member

Thx for the report.

I understand #4700 would not be a solution for you which I totally reasonable.

@a5a351e7 commented on January 25th 2015

Hi thx for reply! This is not really a solution, it is more like a "get it working"-hack. I don't want so serve Piwik itself via HTTP, because of data privacy/protection.

A real solution to this problem could be a checkbox in the SiteManager for each site which is called "force http" or something like that. Or it depends on the entered URI, so if it starts with https://, then use HTTPS as default for the overlay stuff. Otherwise just http://.

A fallback is nice, but should not be default. Because sometime you got an response from a server that provides SSL but nor for this domain. So how to you want to process all this possible states. It is -in my opinion- easier to set this aware for each site.

@tsteur commented on January 25th 2015 Member

Totally agree with this. It is a hack and not really acceptable for most people.

@a5a351e7 commented on January 25th 2015

I tried to add a "return url;" in plugins/Overlay/Controller.php as first line in handleProtocol javascript function. But this causes a:

Mixed Content: The page at /index.php?module=Overlay&period=month&date=today&idSite=10#l=http$3A$2F$2Florem.de$2F' was loaded over HTTPS, but requested an insecure resource 'http://lorem.de/'. This request has been blocked; the content must be served over HTTPS.

A solution would be to extend the Controller with a proxy functionality. So that not the browser tries load the Frame-Data, but the server with the piwik installation itself. Otherwise there is not possibility to view HTTP in a HTTPS context.

@mattab commented on February 19th 2015 Member

I actually am not sure whether this would work at all or whether there is a solution for this issue? Maybe google analytics has solved this since they use HTTPS for their web UI yet and I guess their overlay also work on HTTP pages.

@tsteur commented on February 19th 2015 Member

I didn't have a detailed look but I think we can make this work.

@mattab commented on February 19th 2015 Member

@tsteur do you think it could be done in a few hours? if so, I would be keen to add to next milestones as it's recurrent issue and again yesterday was confronted with this bug by a user in the office.

@tsteur commented on February 19th 2015 Member

Hard to tell. I currently haven't configured my Piwik for HTTPS so I'm not sure where it fails or what the problem is

@CanuckNick commented on March 6th 2015

Adding my vote for this. I have some users that are also looking to use this feature but since we run our Piwik interface under SSL and not all of our sites support SSL it doesn't work. I would be willing to test any code as a solution to this.

@a5a351e7 commented on March 31st 2015

Hi there, is there something new?

@mddvul22 commented on February 5th 2016

Any updates on this? This is still a problem in February of 2016 with 2.15.0

@ziedbargaoui commented on March 15th 2016

Even in the newest version 2.16.0 it's not solved yet, any perspectives?

@quba commented on March 15th 2016 Contributor
Powered by GitHub Issue Mirror