Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#2617 closed Bug (answered)

logo-header.png has absolute path ssl https custom logo branding piwik security warning

Reported by: flokli Owned by:
Priority: normal Milestone: 1.6 Piwik 1.6
Component: Core Keywords:
Cc: Sensitive: no

Description

I installed piwik on an apache server. The page is delivered via http from PHPs "point of view".

Later, the connection is via https. I get a security warning in the browser because the logo-header.png file is still delivered via http protocol. Seems to me as if PHP tries to figure out the "absolute" path (+protocol) for that file.

Can this be changed to a relative one like all the other images, so that this warning will go away?

Change History (9)

comment:1 Changed 3 years ago by matt (mattab)

  • Milestone set to 1.6 Piwik 1.6

I believe this was fixed in trunk. Can you please test the nightly QA build and confirm it is then working? http://qa.piwik.org:8080/nightly/ thanks

comment:2 Changed 3 years ago by flokli

Hm.

I installed the nightly build piwik-svn-r50899. Piwik reports it as 1.5.2.

"#logo a img" on both pages (login and "normal" page) use absolute paths.

comment:3 Changed 3 years ago by matt (mattab)

after you upload a new logo does it work fine?

comment:4 Changed 3 years ago by flokli

Even when I use a custom logo, it's the same.

The path is absolute and starts with a "http://"

comment:5 Changed 3 years ago by matt (mattab)

can you give the URL of the page you are on, and the full IMG tag found in the source code of the page?

i'm asking because reading the code i don't see how the bug couldnt be fixed on trunk.

comment:6 Changed 3 years ago by flokli

on index.php (login page, using default logo):

<div id="logo"> 
<a href="http://piwik.org" title="Open Source Analytics">		<img src='http://piwik.******.de/themes/default/images/logo.png' title="Open Source Analytics" width='200' style='margin-right:20px'> 
<div class="description"># Open Source Analytics</div> 
</a>	</div> 

on index.php (login page, using custom logo):

<div id="logo"> 
<img src='http://piwik.******.de/themes/logo.png' title="Open Source Analytics" width='200' style='margin-right:20px'>
</div>

on index.php?module=MultiSites&action=index&idSite=1&period=range&date=last30 (dashboard, using default logo)

<span id="logo"> 
<a href="index.php" title="Piwik # Quelloffene Webanalytik" style="text-decoration: none;"> 
<img src='http://piwik.******.de/themes/default/images/logo-header.png' alt="Piwik" style='margin-left:10px' height='50px'/> 
</a> 
</span>

on index.php?module=MultiSites&action=index&idSite=1&period=range&date=last30 (dashboard, using custom logo)

<span id="logo"> 
<a href="index.php" title="Powered by Piwik # Quelloffene Webanalytik" style="text-decoration: none;"> 
<img src='http://piwik.******.de/themes/logo-header.png' alt="Powered by Piwik" style='margin-left:10px' height='50px'/> 
</a> 
</span>

Also checked if the proxy rewriting something, it's not. Even when acessing the site via plain http I see an absolute url with protocol.

comment:7 Changed 3 years ago by vipsoft (robocoder)

  • Resolution set to answered
  • Status changed from new to closed

The absolute URLs are required for email HTML reports.

For your use case, you should be setting: assume_secure_protocol=1 in config/config.ini.php, e.g.,

[General]
assume_secure_protocol=1

comment:8 Changed 3 years ago by flokli

That fixed it, thanks!

But maybe you could add an FAQ entry or something inside the README, so that others can find a solution faster :-)

comment:9 Changed 3 years ago by matt (mattab)

  • Summary changed from logo-header.png has absolute path to logo-header.png has absolute path ssl https custom logo branding piwik security warning
Note: See TracTickets for help on using tickets.