Since 1.9.2 optOut does not work any more for Chrome in multi-port configuration for one domain #3568

Closed
anonymous-matomo-user opened this issue Nov 22, 2012 · 4 comments
Labels
Bug For errors / faults / flaws / inconsistencies etc. Critical Indicates the severity of an issue is very critical and the issue has a very high priority.
@anonymous-matomo-user

In piwik 1.9, I have registered one domain for piwik. For security reasons, I configured piwik to a special port, 8443 (SSL) (the other ports have content-security-policy activated, which piwik does not support yet). On port 80 (http) and 443 (https) piwik is included in the user pages to track the users. Note that all files for all ports use the same htdocs directory, so the piwik installation is NOT copied for each port, but reused.

We moreover have a piwik opt-out included on our privacy page, which is located on port 443 (https). You can have a look at it and see it working here, at the bottom of the page (piwik 1.9 is still installed there):

https://culinacard.com/controller?ac=110

So far, so good. Now, after update of our development system to piwik 1.9.2, the opt out logic does not work any more on Chrome. If I click on the opt-out-checkbox, the page is reloaded, but it does not change the status. It DOES STILL work on Firefox, however. So the problem must have to do with an interaction of the opt-out mechanism with Chrome. You can test the problem here:

https://dev.culinacard.com/controller?ac=110
HTTP-User: culina
HTTP-Password: debugging

You can see there, that it works with Firefox, but not with Chrome. Strangely, if I call the optOut inline frame outside the frame and with the port 8443, it DOES work in Chrome:

https://dev.culinacard.com:8443/piwik/index.php?module=CoreAdminHome&action=optOut&language=de

However, we do not want to use the port 8443 on a normal user page. We definitely need port 443. Otherwise, some users might not be able to reach it, if their firewall does not allow other ports than 443 and 80.

I think this bug is critical, as in Germany, we have very restrictive privacy laws. We need to provide at least this opt-out for our users, never mind which browser they use. And Chrome is a very important browser, moreover.

So, a short analysis of this bug is the following:
"optOut does not work any more with Chrome, if piwik 1.9.2 was installed on another port than the optOut page is used on, and if only one domain is used. But it works with piwik 1.9 without any issues."
Keywords: optOut, Chrome, multi-port, domain

@anonymous-matomo-user
Author

I have now also tested this functionality with IE9. It works like a charm... But still, not with Chrome.

All my tests were performed on two different computers, one with Windows Vista and the other with Windows 7. Both have the browsers Chrome, IE9 and Firefox installed. On both machines, the privacy page works for IE9 and Firefox, but not for Chrome.

@diosmosis
Member

@culinacard Hi, I managed to reproduce this bug and I think I know what you need to do to fix it. In one of the Piwik 1.9.X versions an extra security measure was added where host values were tested against a list of trusted hosts. In the update the host you use is assumed to be the only trusted host. In your case, this was probably 'culinacard.com:8443'. The iframe, however, tries to go to https://culinacard.com and host verification fails since only culinacard.com:8443 is trusted. To fix this, add:

trusted_hosts[] = "culinacard.com"

under [General] in your config/config.ini.php.

Let me know if this works!
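
A simplified model of the trusted-host check described in the comment above, added here as an illustration and not taken from Piwik's code or from any participant in this thread: it reads `trusted_hosts[]` from constructed INI text and shows why a request to the default HTTPS port is rejected until the second entry is present. The function names, the exact-match comparison and the `other.example` host are assumptions.

```php
<?php
// Added illustration: a simplified model of a trusted-hosts check, not Piwik's code.
// Both INI strings are constructed from the values quoted in this thread.

$configAfterUpdate = <<<'INI'
[General]
trusted_hosts[] = "culinacard.com:8443"
INI;

$configWithFix = <<<'INI'
[General]
trusted_hosts[] = "culinacard.com:8443"
trusted_hosts[] = "culinacard.com"
INI;

/** Read the trusted_hosts[] entries of the [General] section, lower-cased. */
function loadTrustedHosts(string $ini): array
{
    $config = parse_ini_string($ini, true); // true = keep [sections]
    if ($config === false) {
        throw new InvalidArgumentException('config is not valid INI');
    }
    $hosts = $config['General']['trusted_hosts'] ?? [];
    return array_map('strtolower', array_map('trim', (array) $hosts));
}

/** Accept a Host header only if it is well formed and exactly matches an entry. */
function isTrustedHost(?string $hostHeader, array $trusted): bool
{
    if ($hostHeader === null) {
        return false;
    }
    $host = strtolower(trim($hostHeader)); // assumption: compare case-insensitively
    // Hostname with optional :port; rejects empty values, spaces, slashes, etc.
    if (!preg_match('/^[a-z0-9.-]+(:\d{1,5})?$/', $host)) {
        return false;
    }
    return in_array($host, $trusted, true);
}

// A browser omits the port from Host for https on 443, so the opt-out iframe
// on the privacy page arrives as "culinacard.com", not "culinacard.com:8443".
$probes = ['culinacard.com:8443', 'culinacard.com', 'other.example'];
foreach (['after update' => $configAfterUpdate, 'with fix' => $configWithFix] as $label => $ini) {
    $trusted = loadTrustedHosts($ini);
    foreach ($probes as $h) {
        printf("%-12s Host: %-20s => %s\n", $label, $h, isTrustedHost($h, $trusted) ? 'accepted' : 'rejected');
    }
}
```
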

@anonymous-matomo-user
Author

Wow, works like a charm! I have now edited config.ini.php and global.ini.php to add the domain as trusted host. Thank you very much for your help! Now I can make an update of my Piwik installations...

@diosmosis
Member

Glad it worked! Closing the ticket now.

Also, note that global.ini.php is meant to hold the "default" config values, so you don't have to change it, just config.ini.php. I don't think it'll break anything if you do, though.

This issue was closed.