Follow up from #4001
Regarding the Overlay report:
In case the Overlay report website does not load over HTTPS, could we default to HTTP for overlay report?
Overlay opens in a new window, so we could: - open that new window over HTTP if we know the website is not https - redirect from https to http if the overlay didn't load over https
- Test if this would work at all
- deal with the auth cookie set which is set with "secure" flag right now.
- Only do this when Piwik is not loaded over
+1 We're running into this same issue right now. We use force_ssl in our Piwik configuration but most of our 200 web sites do not support SSL. This is a very cool feature that would be nice to have working but I understand the technical hurdles. I would be fine with switching to regular HTTP when applicable for the Overlay report.
I'm not sure if this would work, but could you possibly pass the users auth token to the HTTP instance to allow the report to run and to avoid issues with the secure cookie? That's just off the top of my head, I haven't done any research on potential issues.
in #7067 this issue was described as a "Hack" so I will close it as "wontfix" and we can discuss a proper solution in #7067 - please comment there to be notified of updates