Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check for updates over HTTPS #7488

Open
taoeffect opened this issue Mar 19, 2015 · 1 comment
Open

Check for updates over HTTPS #7488

taoeffect opened this issue Mar 19, 2015 · 1 comment
Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Task Indicates an issue is neither a feature nor a bug and it's purely a "technical" change.
Milestone
Backlog (Help wan...

Comments

@taoeffect
Copy link

At @mattab's suggestion:

The check for new version is done over HTTP so far. that's maybe an issue, so feel free to create a new issue for that

See concern here: #6441 (comment)
@mattab mattab mentioned this issue Mar 31, 2015
Closed
@mattab mattab added the c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. label Apr 8, 2015
@mattab mattab added this to the Mid term milestone Apr 8, 2015
@mattab mattab added the Task Indicates an issue is neither a feature nor a bug and it's purely a "technical" change. label Apr 8, 2015
@mattab mattab modified the milestones: Long term, Mid term Dec 5, 2016
@ziegenberg
Copy link
Contributor

I think this can be closed because Matomo already does try to use HTTPS when supported on the server-side. See

matomo/plugins/Marketplace/config/config.php

Lines 8 to 16 in 2ac2bc1

'MarketplaceEndpoint' => function (ContainerInterface $c) {
$domain = 'http://plugins.matomo.org';
$updater = $c->get('Piwik\Plugins\CoreUpdater\Updater');
if ($updater->isUpdatingOverHttps()) {
$domain = str_replace('http://', 'https://', $domain);
}
return $domain;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Task Indicates an issue is neither a feature nor a bug and it's purely a "technical" change.
Projects
None yet
Milestone
Backlog (Help wanted)
Development

No branches or pull requests
3 participants
@taoeffect @mattab @ziegenberg