Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Piwik SSL detection should also read proxy ssl header: HTTP_X_FORWARDED_PROTO #3572

Closed
mattab opened this issue Nov 24, 2012 · 2 comments

Comments

@mattab
Copy link
Member

commented Nov 24, 2012

For example, the Page Overlay report does not work over SSL on the demo because the _SERVER[is not set but _SERVER'HTTP_X_FORWARDED_PROTO' is

@mattab

This comment has been minimized.

Copy link
Member Author

commented Nov 24, 2012

(In [7534]) Fixes #3572 Refs #2465 Overlay work on SSL on demo! NICE!

@robocoder

This comment has been minimized.

Copy link
Contributor

commented Nov 24, 2012

Probably doesn't matter here, but the reason I didn't include X-Forwarded-Proto is because it's non-standard and can be spoofed. Other variations are X-Forwarded-Ssl and X-Forwarded-Scheme. Hence "assume_secure_protocol".

@mattab mattab added this to the 1.10 - Piwik 1.10 milestone Jul 8, 2014
@mattab mattab added T: Bug labels Jul 8, 2014
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.