Opened 3 years ago

Closed 3 years ago

#2606 closed Bug (fixed)

Piwik_Url: getCurrentSchema() should check assume_secure_protocol

Reported by: vipsoft Owned by: vipsoft
Priority: normal Milestone: 1.6 Piwik 1.6
Component: Core Keywords:
Cc: Sensitive: no

Description

#2594 was nagging at me all night.

I did a review of the code base, and there doesn't appear to be a reason why getCurrentSchema() couldn't return https when assume_secure_protocol = 1.

This would eliminate the special cases in the code. So, let's refactor and clean this up.

Change History (5)

comment:1 Changed 3 years ago by vipsoft (robocoder)

  • Resolution set to fixed
  • Status changed from new to closed

(In [5070]) fixes #2606, refs #2594

comment:2 Changed 3 years ago by matt (mattab)

thanks for all the technical debt fixes.

Regarding this change,

  • can you please confirm that you tested to load https://server/piwik and all files were loading fine over https without triggering browser warning?
  • how much effort (hours) would it take to have a webtest testing to load the https version of piwik and verify that all links / ressources are https ?

thx

comment:3 Changed 3 years ago by matt (mattab)

  • Resolution fixed deleted
  • Status changed from closed to reopened

reopening pending some QA questions above, vipsoft would you mind taking a quick look?

comment:4 Changed 3 years ago by vipsoft (robocoder)

There's no warning if you have a valid certificate (or accepted a self-signed one).

Webtest: The main stumbling blocks are going to be the jetty/jenkins environment, and how to reliably test ajax requests and dynamic content. (The latter already causes sporadic test failures.)

comment:5 Changed 3 years ago by matt (mattab)

  • Resolution set to fixed
  • Status changed from reopened to closed

thanks for confirming

Note: See TracTickets for help on using tickets.