Problem with empty responses using Heatmaps and Session Recordings plugin


(T Papaj Cin) #1

Hello.
I’m testing the Heatmaps and Session Recordings plugin and I encountered weird problems.
All requests to the configs.php file end up with a blank page and a 200 OK response. Nothing is recorded. I checked the configs.php file and an empty GET request to this file should return a 400 Bad Request code, but I still get 200 OK responses even with empty GET requests.

It seems that something is blocking the plugin.

That website uses Nginx. I wonder if X- headers can do something with blocking the plugin. The tested website has X Content Type set to nosniff, X-Frame-Options to Deny and XSS Protection to 1;mode=block. Unfortunately I can’t request any change to headers on that website unless I have solid proof.

Is there anything else that can block this plugin?

EDIT:
Thanks for moving my post to the correct category. Anyway, here’s also a message from the system check (I removed the website address). I forgot to include it:
We couldn't check if 'https://(......)/plugins/HeatmapSessionRecording/configs.php?idsite=1&trackerid=5lX6EM&url=http%3A%2F%2Ftest.test%2F' is accessible over the Internet or Intranet. Please open the URL manually in a browser to see if the response contains 'Piwik.HeatmapSessionRecording'. If not, you might need to modify your server configuration as this file needs to be accessible via a browser from the Internet or Intranet.


(Jason) #2

Hello,

Could you please try this change (or a similar change if you don’t use this Nginx config) to your NGINX config and let us know if this fixes the issue for you?

The idea is to whitelist the file configs.php in your nginx configuration:

Thanks,

Jason


(T Papaj Cin) #3

I wish I could tell you, but our IT guys somehow fixed this problem after some time. Another thing is that I don’t have access to the Nginx configuration, so I can’t tell how they did it.

Also, it’s worth mentioning in the plugin FAQ that the X-Frame-Options header must be set at least to “sameorigin”; it was the second problem we encountered after fixing the first one. When opening a recording/heatmap, this plugin is trying to open the Matomo website in a frame.
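
The checks mentioned across this thread (400 on an empty request, the 'Piwik.HeatmapSessionRecording' marker from the system check, and the X-Frame-Options value from post #3) can be collected into one script. This is an added example, not part of the original posts and not Matomo code; the names `diagnose`, `fetch`, `BLOCKED` and `HEALTHY` and the sample responses are constructed for illustration.

```python
import urllib.error
import urllib.request

MARKER = "Piwik.HeatmapSessionRecording"  # string the system check looks for

def diagnose(status, headers, body, empty_query=False):
    """Return a list of findings for one response from configs.php.

    empty_query=True means the request carried no GET parameters, which
    post #1 says should yield 400 Bad Request.
    """
    findings = []
    hdrs = {k.lower(): v.strip().lower() for k, v in headers.items()}
    if empty_query and status != 400:
        findings.append(f"empty request returned {status}, expected 400")
    elif not empty_query and status != 200:
        findings.append(f"unexpected status {status}")
    elif not empty_query and MARKER not in body:
        findings.append(f"200 but body lacks '{MARKER}'")
    # Post #3: opening a recording/heatmap loads a page inside a frame.
    if hdrs.get("x-frame-options") == "deny":
        findings.append("X-Frame-Options is DENY, thread says at least SAMEORIGIN")
    return findings

def fetch(url, timeout=10):
    """GET url and return (status, headers, body), also for HTTP error codes."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as r:
            return r.status, dict(r.headers.items()), r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, dict(e.headers.items()), e.read().decode("utf-8", "replace")

# Constructed sample responses (not captured from a real server).
BLOCKED = (200, {"X-Frame-Options": "DENY", "X-Content-Type-Options": "nosniff"}, "")
HEALTHY = (200, {"X-Frame-Options": "SAMEORIGIN"},
           "/* constructed body */ Piwik.HeatmapSessionRecording")

if __name__ == "__main__":
    print(diagnose(*BLOCKED, empty_query=True))  # symptom from post #1
    print(diagnose(*BLOCKED))                    # blank page with 200 OK
    print(diagnose(*HEALTHY))                    # no findings
```

Against a live install, pass the result of `fetch()` for the configs.php URL from the system check message to `diagnose()`.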