Please, you can share the results and your proposed improvements.

We searched through .php and .tpl files for the text http/https (skipping over some allowed variations, like variable names HttpSomething. If needed we can share the exact search terms).

We searched for the following functions in .php and .tpl:

Piwik::getPiwikUrl
Piwik_API::getLogoUrl
Piwik_API::getHeaderLogoUrl
Piwik_Common::getPathToPiwikRoot
Piwik_Url::getCurrentUrl
Piwik_Url::getCurrentUrlWithoutQueryString
Piwik_Url::getCurrentUrlWithoutFileName
Piwik_Url::getCurrentHost

We searched for the following variables (some of them are PHP-related, most are view template-related):

$piwikHost (in UsersManager)
$currentPath (HTML report Smarty common parameters)
$logoLarge (view minimal variables)
$logoHeader (view minimal variables, HTML report Smarty common parameters)
$piwikUrl (in all views)
$url (in all views)
$pageUrl (in PiwikTracker)
$piwik_url (in all JavaScript)

We just attached a list of the ~20 issues we found. They're flagged red/yellow/green: the red ones we think should be fixed; on the yellow ones we'd like a review to understand if they should be fixed or not.

If you agree on which are the red ones, we'd happy to move on and submit the proposed improvements. In many cases, that would mean to drop the prefix, or to change the way a function is invoked (e.g. getLogoUrl).

Attachment: Results of our investigation on absolute URL usage
Results.xlsx

This is the same list as the one inside Excel document, posted here as text:

||Id||Source file||Check||Comment||
||34||\piwik\core\DataTable\Renderer\Rss.php||Green||Invokes getCurrentUrlWithoutFileName() to prefix URLs, but it's only to create RSS feeds, not web pages.||
||20||\piwik\core\FrontController.php||Green||Invokes Piwik::getPiwikUrl() but then never uses its output. Note: this call could be removed.||
||22||\piwik\core\ReportRenderer\Pdf.php||Green||Invokes getLogoUrl(), but that's to create PDFs, not web pages.||
||23||\piwik\core\ReportRenderer\Pdf.php||Green||Invokes getPathToPiwikRoot(), but that's to create PDFs, not web pages.||
||1||\piwik\core\Tracker\javascriptCode.tpl||Green||It only shows samples of code to admin in web page text.||
||2||\piwik\core\Tracker\javascriptCode.tpl||Yellow||$piwikUrl is used to prefix img src attribute URL. The page is only accessed by admins, which might be working behind proxies. So this case could be an issue or not.||
||27||\piwik\plugins\API\API.php||Red||getLogoUrl() returns absolute URLs.||
||28||\piwik\plugins\API\API.php||Red||getHeaderLogoUrl() returns absolute URLs.||
||4||\piwik\plugins\CoreHome\templates\datatable_cell.tpl||Yellow||If $rowMetadata.url variable contains only external URLs (e.g. "http://piwik.org/faq/general/#faq_52") then this is fine. Otherwise, if it might contain absolute URLs pointing to Piwik pages, that is an issue.||
||6||\piwik\plugins\CoreHome\templates\html_report_body.tpl||Yellow||If $rowMetadata.url variable contains only external URLs (e.g. "http://piwik.org/faq/general/#faq_52") then this is fine. Otherwise, if it might contain absolute URLs pointing to Piwik pages, that is an issue. By looking at a generated report sample and by looking at the call to getHeaderLogoUrl() in \core\ReportRenderer\Html.php, one would say that there are also absolute URLs pointing to Piwik pages. But then again, this is a report sent by email, not a web page shown in browser, so this could be fine.||
||7||\piwik\plugins\CoreHome\templates\html_report_body.tpl||Yellow||$currentPath variable has same value as Piwik::getPiwikUrl() and is used to prefix URLs, which hence become absolute. But then again, this is a report sent by email, not a web page shown in browser, so this could be fine.||
||9||\piwik\plugins\CoreHome\templates\html_report_header.tpl||Yellow||$currentPath variable has same value as Piwik::getPiwikUrl() and is used to prefix URLs, which hence become absolute. But then again, this is a report sent by email, not a web page shown in browser, so this could be fine.||
||10||\piwik\plugins\CoreHome\templates\html_report_header.tpl||Yellow||Logo img src URL is absolute because of $logoHeader variable. But then again, this is a report sent by email, not a web page shown in browser, so this could be fine.||
||25||\piwik\plugins\CoreHome\templates\logo.tpl||Red||Logo img src URL is absolute because of $logoHeader variable.||
||30||\piwik\plugins\CoreUpdater\Controller.php||Green||Invokes getPathToPiwikRoot(), but only for text shown to the user (to the admin, actually).||
||18||\piwik\plugins\ImageGraph\Controller.php||Red||Returns URLs that are prefixed with Piwik::getPiwikUrl().||
||12||\piwik\plugins\Installation\templates\welcome.tpl||Green||This is only for installation, used by admins, which might be working behind proxies. And anyway it seems to take into account the presence of proxies.||
||32||\piwik\plugins\Login\Controller.php||Red||Invokes getCurrentUrlWithoutQueryString() to prefix the link needed for resetPassword.||
||14||\piwik\plugins\Login\templates\header.tpl||Red||Logo img src URL is absolute because of $logoLarge variable. The actual problem lies within the call to getLogoUrl() in \core\Controller.php.||
||38||\piwik\plugins\PrivacyManager\templates\privacySettings.tpl||Yellow||Uses $piwikUrl variable to prefix URLs. But this page is for admins, which might be working behind proxies. So this could be an issue or not.||
||36||\piwik\plugins\Referers\Controller.php||Green||Invokes getCurrentUrlWithoutFileName() to prefix URLs. But that is for a call to API, not shown in a web page.||
||16||\piwik\plugins\SitesManager\templates\SitesManager.tpl||Green||||
||40||\piwik\plugins\Widgetize\templates\js.tpl||Green||Uses $piwikUrl variable to prefixe URLs in <head> tag. But then if you look at the web page those URLs show up as relative, so it seems fine.||

Going further, we checked again the listed issues and changed their status accordingly. For all the red ones, we're attaching a patch here that fixes them.
For all the green ones, there is no action to be taken, i.e. they're fine like that.
There's left just a yellow issue, on which we'd like some feedback (Id 4).

Here's the updated list in text format. We're also attaching the same in Excel format.

||=Id=||=Source file=||=Check=||=Comment=||=Status=||
||34||/core/DataTable/Renderer/Rss.php||Green||Invokes getCurrentUrlWithoutFileName() to prefix URLs, but it's only to create RSS feeds, not web pages.||Not a bug||
||20||/core/FrontController.php||Green||Invokes Piwik::getPiwikUrl() but then never uses its output. Note: if confirmed, $host variable could be removed.||Not a bug||
||22||/core/ReportRenderer/Pdf.php||Green||Invokes getLogoUrl(), but that's to create PDF reports, not web pages.||Not a bug||
||23||/core/ReportRenderer/Pdf.php||Green||Invokes getPathToPiwikRoot(), but that's to create PDF reports, not web pages.||Not a bug||
||1||/core/Tracker/javascriptCode.tpl||Green||It only shows samples of code to admin in web page text.||Not a bug||
||2||/core/Tracker/javascriptCode.tpl||Green||$piwikUrl is used to prefix img src attribute URL. The page is only accessed by admins, which might be working behind proxies. And it seems a code sample that has to be pasted as it is in tracked pages.||Not a bug||
||27||/plugins/API/API.php||Red||getLogoUrl() returns absolute URLs.||Patch available||
||28||/plugins/API/API.php||Red||getHeaderLogoUrl() returns absolute URLs.||Patch available||
||4||/plugins/CoreHome/templates/datatable_cell.tpl||Yellow||If $rowMetadata.url variable contains only external URLs (e.g. "http://piwik.org/faq/general/#faq_52") then this is fine. Otherwise, if it might contain absolute URLs pointing to Piwik pages, that is an issue.||Waiting for feedback||
||6||/plugins/CoreHome/templates/html_report_body.tpl||Green||If $rowMetadata.url variable contains only external URLs (e.g. "http://piwik.org/faq/general/#faq_52") then this is fine. Otherwise, if it might contain absolute URLs pointing to Piwik pages, that is an issue. By looking at a generated report sample and by looking at the call to getHeaderLogoUrl() in \core\ReportRenderer\Html.php, one would say that there are also absolute URLs pointing to Piwik pages. But then again, this is for a report sent by email, not a web page, so it seems fine.||Not a bug||
||7||/plugins/CoreHome/templates/html_report_body.tpl||Green||$currentPath variable has same value as Piwik::getPiwikUrl() and is used to prefix URLs, which hence become absolute. But then again, this is a report sent by email, not a web page, so it seems fine.||Not a bug||
||9||/plugins/CoreHome/templates/html_report_header.tpl||Green||$currentPath variable has same value as Piwik::getPiwikUrl() and is used to prefix URLs, which hence become absolute. But then again, this is a report sent by email, not a web page, so it seems fine.||Not a bug||
||10||/plugins/CoreHome/templates/html_report_header.tpl||Green||Logo img src URL is absolute because of $logoHeader variable. But then again, this is a report sent by email, not a web page, so it seems fine.||Not a bug||
||25||/plugins/CoreHome/templates/logo.tpl||Red||Logo img src URL is absolute because of $logoHeader variable.||Patch available||
||30||/plugins/CoreUpdater/Controller.php||Green||Invokes getPathToPiwikRoot(), but only for text shown to the user (to the admin, actually).||Not a bug||
||18||/plugins/ImageGraph/Controller.php||Green||Returns URLs that are prefixed with Piwik::getPiwikUrl(). But then again, this is used in reports, not web pages, so it seems fine.||Not a bug||
||12||/plugins/Installation/templates/welcome.tpl||Green||This is only for installation, used by admins, which might be working behind proxies. And anyway it takes into account the presence of proxies.||Not a bug||
||32||/plugins/Login/Controller.php||Green||Invokes getCurrentUrlWithoutQueryString() to prefix the link needed for resetPassword. But that is used to generate email body, not a web page, so it seems fine.||Not a bug||
||14||/plugins/Login/templates/header.tpl||Red||Logo img src URL is absolute because of $logoLarge variable. The actual problem lies within the call to getLogoUrl() in \core\Controller.php. This is a duplicate of Id25.||Duplicated||
||38||/plugins/PrivacyManager/templates/privacySettings.tpl||Green||Uses $piwikUrl variable to prefix URLs. This page is for admins, which might be working behind proxies. So this could be an issue or not.||Patch available||
||36||/plugins/Referers/Controller.php||Green||Invokes getCurrentUrlWithoutFileName() to prefix URLs. But that is in order to call an API, not to show an image or link in a web page.||Not a bug||
||16||/plugins/SitesManager/templates/SitesManager.tpl||Green||False positive||Not a bug||
||40||/plugins/Widgetize/templates/js.tpl||Green||Uses $piwikUrl variable to prefixe URLs in <head> tag. But then it is not included in any PHP nor TPL file. Note: if that's confirmed, it could be removed.||Not a bug||

Attachment: Results of our investigation on absolute URL usage, updated
Results v3.xlsx

Attachment: Diff to fix issues with Id's 27, 28, 2, 38
git-diff-Id27-Id28-Id2-Id38.diff

ok looks interesting. let me know when you have patches you have tested, that the tests pass, and you'd like to review :)

Kuddos for doing this reviewing work!

Please submit a pull request for these changes. Thanks!