New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New system check to Warn users if force_ssl is not yet enabled #7279
Comments
Add force_ssl = 1 under [General] section of config.ini.php. |
Explained in this faq |
I see. |
many users don't have SSL on their servers unfortunately |
What about adding an checkbox in install to enable ssl forcing? And if
piwik is installed using https we could check that option as default.
|
I understand that not everyone has SSL available. |
That's good point, reopening! |
Current detection code is here: https://github.com/piwik/piwik/blob/master/core/FrontController.php#L516-L538 @sirtet how can you "detect" that, without performance lose? |
|
The problem with detecting it once is that maybe it works today, but in 2 months the SSL will be broken. Redirecting to SSL would break Piwik in this case. But maybe it's acceptable for added security... |
See also the related issue: #7366 (comment) |
Instead of detecting and redirecting to SSL, we should rather add a new system check to issue a warning when force_ssl is not used, this will help users work to enable SSL on their Piwik server (updated ticket title) |
It seems that piwik does not automatically redirect to https.
Shouldn't that be done to increase safety? Protect the login credentials as well as all that sensitive user data...
The text was updated successfully, but these errors were encountered: