Hi, I’m suffering the same problem as originally described. I’ve added the line to Url.php as shown in the link, but it doesn’t appear to have made any difference.
Is any further action required (eg. a restart of Apache).
You didn’t include any description or explanation with the suggested change, so I’m not sure exactly why it’s required or what it is fixing.
I get the same error during login with 0.6.2, and the lines Url.php is quite different now. Is there another patch I can apply for the current version?
After some debugging in verifyNonce(), this turned out to be because I was running piwik at https://localhost:4444, and getAcceptableOrigins() needs the “HTTPS” FCGI param to be set to ‘on’.
I am having this error as well. I dont run my piwik under https though, so dont think yangs fix will help me any. I first had it with 0.6.3 but then I upgraded via console to see if that would help any, so now I run 1.0.
I am aware of the security implications and therefor I restore the php-file to the original state after I have successfully logged in. I advice everyone else to do the same.
If you fix this one I’ll show you some love and buy you a beer.
It seem like this happened to me because I had my web server set up behind load balancing, high availability proxy and caching. (Varnish) And the setup I had did not relay the expected header to Piwik. This was not a bug in Piwik in my case. Just wanted to let people know that.
So, what is the solution to this problem? I have exactly the same with my new install, running on apache 2.4 behing a load balancer. Changing the nonce.php to always return true on the token validation allows me to login.