Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New setting force_ssl that will ensure that Piwik is only used over https SSL #2918

Closed
mattab opened this issue Feb 11, 2012 · 2 comments
Closed
Labels
Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical.
Milestone

Comments

@mattab
Copy link
Member

mattab commented Feb 11, 2012

Currently, there is a setting force_ssl_login that forces the login details to be submitted over https.

However, since the token_auth is confidential, and sometimes passed in URLs (API requests, ajax requests done in the admin screens, etc.) it is desired to have a setting that would ensure that Piwik can ONLY be used over SSL.

  • when force_ssl=1 then all requests will be redirected to the https:// URL.
  • Expected: If SSL is not properly configured then Piwik will NOT work. User can edit the config file to set force_ssl = 0 to re-enable piwik in this case.
  • This setting is different from assume_secure_protocol
  • Also, update the How to setup secure server guide with this new setting recommendation.
@mattab
Copy link
Member Author

mattab commented Feb 12, 2012

(In [5815]) Fixes #2918

  • Adding new setting force_ssl that will automatically redirect all http:// requests to the https:// equivalent. This ensures better security for the piwik server, since the token_auth is often found in the response body or in the GET parameters.

@mattab
Copy link
Member Author

mattab commented Feb 12, 2012

@mattab mattab added this to the 1.7 Piwik 1.7 milestone Jul 8, 2014
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical.
Projects
None yet
Development

No branches or pull requests

1 participant