New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Piwik does not run well behind SSL proxy, generates mixed content http / https. #8030
Comments
Adding to 2.15.0 as this is really important to fix since we get many reports about this issue. |
I presume we cannot trust Also not sure re possible downsides of |
Also we would probably not read It would be really good to have an environment where one can test it. |
FYI: during installation, if user is already using a proxy, the config |
@monty241 can you maybe let us know the content of PHP To get it, can you create a file like
afterwards you can open this file by opening the URL |
Fixing this issue will most likely fix as well #6703 |
Kinda duplicates #6880 but i'll leave this one opened (I have a feeling we have 5-6 or more duplicate issues re: SSL Proxy). Hopefully we will be able to investigate sometime. Any help is very welcome |
See "Wrong URL construction in morpheus template #4433".
Running Piwik 2.13.1.
Error in latest stable release Chrome:
Mixed Content: The page at 'https://piwik.invantive.com/index.php?module=CoreAdminHome&action=generalSettings&idSite=2&period=day&date=today&updated=2' was loaded over HTTPS, but requested an insecure image 'http://piwik.invantive.com/misc/user/logo-header.png'. This content should also be served over HTTPS.
We are running behind a proxy for SSL offloading, so piwik itself is http, but the client's browser sees https. This is a normal setup for larger environments.
Included in source by (Dutch):
In _logo.twig:
And in CustomLogo.php, function getPathToLogo:
And in SettingsPiwik.php, function getPiwikUrl:
This is incorrect. The current URL is not used, the presumed URL is used, but proxying and rewriting are ignored. See for more background for instance http://www.invantive.com/about-invantive/news/entryid/897/ssl-offloading-for-apache-tomcat
Solution something like this:
The text was updated successfully, but these errors were encountered: