Piwik SSL detection should also read proxy ssl header: HTTP_X_FORWARDED_PROTO #3572

mattab opened this Issue Nov 24, 2012 · 2 comments

2 participants

Piwik Open Source Analytics member

For example, the Page Overlay report does not work over SSL on the demo because the _SERVER[is not set but _SERVER'HTTP_X_FORWARDED_PROTO' is

Piwik Open Source Analytics member

(In [7534]) Fixes #3572 Refs #2465 Overlay work on SSL on demo! NICE!


Probably doesn't matter here, but the reason I didn't include X-Forwarded-Proto is because it's non-standard and can be spoofed. Other variations are X-Forwarded-Ssl and X-Forwarded-Scheme. Hence "assume_secure_protocol".

@mattab mattab added this to the 1.10 - Piwik 1.10 milestone Jul 8, 2014
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment