Opened 17 months ago

Closed 17 months ago

Last modified 17 months ago

#3572 closed Bug (fixed)

Piwik SSL detection should also read proxy ssl header: HTTP_X_FORWARDED_PROTO

Reported by: matt Owned by:
Priority: normal Milestone: 1.10 - Piwik 1.10
Component: Core Keywords:
Cc: Sensitive: no

Description

For example, the Page Overlay report does not work over SSL on the demo because the _SERVERHTTPS? is not set but _SERVERHTTP_X_FORWARDED_PROTO? is

Change History (2)

comment:1 Changed 17 months ago by matt (mattab)

  • Resolution set to fixed
  • Status changed from new to closed

(In [7534]) Fixes #3572 Refs #2465 Overlay work on SSL on demo! NICE!

comment:2 Changed 17 months ago by vipsoft (robocoder)

Probably doesn't matter here, but the reason I didn't include X-Forwarded-Proto is because it's non-standard and can be spoofed. Other variations are X-Forwarded-Ssl and X-Forwarded-Scheme. Hence "assume_secure_protocol".

Note: See TracTickets for help on using tickets.