Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

logo-header.png has absolute path ssl https custom logo branding piwik security warning #2617

Closed
anonymous-piwik-user opened this Issue · 8 comments

3 participants

Anonymous Piwik user Matthieu Aubry Anthon Pang
Anonymous Piwik user

I installed piwik on an apache server. The page is delivered via http from PHPs "point of view".

Later, the connection is via https. I get a security warning in the browser because the logo-header.png file is still delivered via http protocol. Seems to me as if PHP tries to figure out the "absolute" path (+protocol) for that file.

Can this be changed to a relative one like all the other images, so that this warning will go away?

Matthieu Aubry
Owner

I believe this was fixed in trunk. Can you please test the nightly QA build and confirm it is then working? http://qa.piwik.org:8080/nightly/ thanks

Anonymous Piwik user

Hm.

I installed the nightly build piwik-svn-r50899. Piwik reports it as 1.5.2.

"#logo a img" on both pages (login and "normal" page) use absolute paths.

Matthieu Aubry
Owner

after you upload a new logo does it work fine?

Anonymous Piwik user

Even when I use a custom logo, it's the same.

The path is absolute and starts with a "http://"

Matthieu Aubry
Owner

can you give the URL of the page you are on, and the full IMG tag found in the source code of the page?

i'm asking because reading the code i don't see how the bug couldnt be fixed on trunk.

Anonymous Piwik user

on index.php (login page, using default logo):

<div id="logo"> 
<a href="http://piwik.org" title="Open Source Analytics">       <img src='http://piwik.******.de/themes/default/images/logo.png' title="Open Source Analytics" width='200' style='margin-right:20px'> 
<div class="description"># Open Source Analytics</div> 
</a>    </div> 

on index.php (login page, using custom logo):

<div id="logo"> 
<img src='http://piwik.******.de/themes/logo.png' title="Open Source Analytics" width='200' style='margin-right:20px'>
</div>

on index.php?module=MultiSites&action=index&idSite=1&period=range&date=last30 (dashboard, using default logo)

<span id="logo"> 
<a href="index.php" title="Piwik # Quelloffene Webanalytik" style="text-decoration: none;"> 
<img src='http://piwik.******.de/themes/default/images/logo-header.png' alt="Piwik" style='margin-left:10px' height='50px'/> 
</a> 
</span>

on index.php?module=MultiSites&action=index&idSite=1&period=range&date=last30 (dashboard, using custom logo)

<span id="logo"> 
<a href="index.php" title="Powered by Piwik # Quelloffene Webanalytik" style="text-decoration: none;"> 
<img src='http://piwik.******.de/themes/logo-header.png' alt="Powered by Piwik" style='margin-left:10px' height='50px'/> 
</a> 
</span>

Also checked if the proxy rewriting something, it's not. Even when acessing the site via plain http I see an absolute url with protocol.

Anthon Pang
Collaborator

The absolute URLs are required for email HTML reports.

For your use case, you should be setting: assume_secure_protocol=1 in config/config.ini.php, e.g.,

[General]
assume_secure_protocol=1
Anonymous Piwik user

That fixed it, thanks!

But maybe you could add an FAQ entry or something inside the README, so that others can find a solution faster :-)

Anonymous Piwik user anonymous-piwik-user added this to the 1.6 Piwik 1.6 milestone
Matthieu Aubry mattab added the R: worksforme label
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.