Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Chrome shows empty opt-out iframe #8634

Closed
renegat4 opened this issue Aug 25, 2015 · 4 comments
Closed

Chrome shows empty opt-out iframe #8634

renegat4 opened this issue Aug 25, 2015 · 4 comments
Labels
Bug For errors / faults / flaws / inconsistencies etc. worksforme The issue cannot be reproduced and things work as intended.
Milestone
Backlog (Help wan...

Comments

@renegat4
Copy link

Current Chrome doesn't show the opt-out because of conflicting Values for X-Frame-Options.

Source seems to be in core/View.php:

// always sending this header, sometimes empty, to ensure that Dashboard embed loads
(which could call this header() multiple times, the last one will prevail)

The header ist set two times, first with 'sameorigin' second empty.

So the last one will not prevail. Chrome sees them all and refuses to show the content.
@tsteur
Copy link
Member

tsteur commented Aug 26, 2015

Current Chrome you mean version 44? I just tried to reproduce but works fine for me. Quickly had a look at the code but couldn't find why it should be set multiple times, only had a quick view though. Are you using any custom plugins? What's your PHP version?

@renegat4
Copy link
Author

Yes, Chrome 44.0 (Linux). But the Problem is the same under Chrome/MacOSX (dont know Chrome version there).

PHP is 5.5.9-1ubuntu4.11

One Plugin is installed: CustomOptOut (v0.3.1)
Deaktivating the Plugin does not help.

The Error in chrome console is:

Multiple 'X-Frame-Options' headers with conflicting values ('SAMEORIGIN, ') encountered when loading '...index.php?module=CoreAdminHome&idSite=2&action=optOut&language=de'. Falling back to 'DENY'.

My current workaround is:

if ((string)$this->xFrameOptions != '') {
  Common::sendHeader('X-Frame-Options: ' . (string)$this->xFrameOptions);
}

@mattab mattab added the Bug For errors / faults / flaws / inconsistencies etc. label Aug 26, 2015
@mattab mattab added this to the 2.15.0 milestone Aug 26, 2015
@tsteur
Copy link
Member

tsteur commented Aug 27, 2015

Just noticed it was moved to 2.15.0. Maybe someone else from the team can try to reproduce it and if so, work on a fix

@mattab mattab removed this from the 2.15.0 milestone Aug 31, 2015
@mattab
Copy link
Member

mattab commented Sep 20, 2015

@renegat4 I also can't reproduce. Which version of Piwik are you using? did you maybe customise the config.ini.php with some settings?

@mattab mattab added this to the Short term milestone Sep 20, 2015
@mattab mattab closed this as completed Nov 26, 2015
@mattab mattab added the worksforme The issue cannot be reproduced and things work as intended. label Nov 26, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug For errors / faults / flaws / inconsistencies etc. worksforme The issue cannot be reproduced and things work as intended.
Projects
None yet
Milestone
Backlog (Help wanted)
Development

No branches or pull requests
3 participants
@tsteur @mattab @renegat4