@anonymous-piwik-user opened this Issue on June 26th 2011

I spent a lot of time to integrate piwik into TYPO3.
But Piwik 1.5 seems to use either

top.location.href="..." or target="_top"

to enforce that piwik is not loaded in a frame.

This way the TYPO3 Backend is unloaded, while piwik loads in the top frame.

This behaviour is found on the settingspage. Please remove the following snippet!

    <script type="text/javascript"> 
        if(self == top) {
            var theBody = document.getElementsByTagName('body')[0];
            theBody.style.display = 'block';
        } else {
            top.location = self.location;
        }
    </script>

Thanks in advice.

@robocoder commented on June 26th 2011 Contributor

Kay: this is part of the anti-clickjacking code. So, I can't remove it. However, it is configureable, albeit secure by default. If you want to frame logins or settings, you can set enabled_framed_logins = 0 and enable_framed_settings = 0, respectively. (See config/global.ini.php.)

@robocoder commented on June 26th 2011 Contributor

Reference: CVE-2011-0399

@robocoder commented on June 27th 2011 Contributor

Typo correction: I meant you have to set to = 1 to enable framing.

This Issue was closed on June 27th 2011
Powered by GitHub Issue Mirror