Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

logo-header.png has absolute path ssl https custom logo branding piwik security warning #2617

Closed
anonymous-piwik-user opened this Issue · 8 comments

3 participants

@anonymous-piwik-user

I installed piwik on an apache server. The page is delivered via http from PHPs "point of view".

Later, the connection is via https. I get a security warning in the browser because the logo-header.png file is still delivered via http protocol. Seems to me as if PHP tries to figure out the "absolute" path (+protocol) for that file.

Can this be changed to a relative one like all the other images, so that this warning will go away?

@mattab
Owner

I believe this was fixed in trunk. Can you please test the nightly QA build and confirm it is then working? http://qa.piwik.org:8080/nightly/ thanks

@anonymous-piwik-user

Hm.

I installed the nightly build piwik-svn-r50899. Piwik reports it as 1.5.2.

"#logo a img" on both pages (login and "normal" page) use absolute paths.

@mattab
Owner

after you upload a new logo does it work fine?

@anonymous-piwik-user

Even when I use a custom logo, it's the same.

The path is absolute and starts with a "http://"

@mattab
Owner

can you give the URL of the page you are on, and the full IMG tag found in the source code of the page?

i'm asking because reading the code i don't see how the bug couldnt be fixed on trunk.

@anonymous-piwik-user

on index.php (login page, using default logo):

<div id="logo"> 
<a href="http://piwik.org" title="Open Source Analytics">       <img src='http://piwik.******.de/themes/default/images/logo.png' title="Open Source Analytics" width='200' style='margin-right:20px'> 
<div class="description"># Open Source Analytics</div> 
</a>    </div> 

on index.php (login page, using custom logo):

<div id="logo"> 
<img src='http://piwik.******.de/themes/logo.png' title="Open Source Analytics" width='200' style='margin-right:20px'>
</div>

on index.php?module=MultiSites&action=index&idSite=1&period=range&date=last30 (dashboard, using default logo)

<span id="logo"> 
<a href="index.php" title="Piwik # Quelloffene Webanalytik" style="text-decoration: none;"> 
<img src='http://piwik.******.de/themes/default/images/logo-header.png' alt="Piwik" style='margin-left:10px' height='50px'/> 
</a> 
</span>

on index.php?module=MultiSites&action=index&idSite=1&period=range&date=last30 (dashboard, using custom logo)

<span id="logo"> 
<a href="index.php" title="Powered by Piwik # Quelloffene Webanalytik" style="text-decoration: none;"> 
<img src='http://piwik.******.de/themes/logo-header.png' alt="Powered by Piwik" style='margin-left:10px' height='50px'/> 
</a> 
</span>

Also checked if the proxy rewriting something, it's not. Even when acessing the site via plain http I see an absolute url with protocol.

@robocoder

The absolute URLs are required for email HTML reports.

For your use case, you should be setting: assume_secure_protocol=1 in config/config.ini.php, e.g.,

[General]
assume_secure_protocol=1
@anonymous-piwik-user

That fixed it, thanks!

But maybe you could add an FAQ entry or something inside the README, so that others can find a solution faster :-)

@anonymous-piwik-user anonymous-piwik-user added this to the 1.6 Piwik 1.6 milestone
@mattab mattab added the R: worksforme label
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.