@halfdan opened this issue on March 23rd 2013

I just noticed this on two installations:

The page at https://piwik.example.eu/index.php?module=CoreHome&action=index&date=20UserCountryMap&action=realtimeWorldMap&date=2013-03-23&period=day&idSite=1 displayed insecure content from http://piwik.example.eu/plugins/UserCountryMap/svg/world.svg.
 index.php:5
XMLHttpRequest cannot load http://piwik.example.eu/plugins/UserCountryMap/svg/world.svg. Origin https://piwik.example.eu is not allowed by Access-Control-Allow-Origin. index.php:1
Object {readyState: 0, setRequestHeader: function, getAllResponseHeaders: function, getResponseHeader: function, overrideMimeType: function}
 "error" "" 

Real-time map is requesting the world.svg using http instead of https.

@halfdan commented on March 23rd 2013

Short update: This might not be related to the real-time map at all.

I just noticed that core/View.php doesn't set the proper URL according to the scheme used. I am getting a http-URL instead of https when accessing Piwik over https (shown in Javascript piwik.piwik_url).

@mattab commented on March 24th 2013

Seems to be working on https://demo.piwik.org ?

@halfdan commented on March 24th 2013

This seems to be caused by a common nginx misconfiguration:

In fastcgi_params add:

fastcgi_param HTTPS $https;
This issue was closed on March 24th 2013
Powered by GitHub Issue Mirror