Matomo: Apache configuration of 'Header set Referrer-Policy "no-referrer"' causes Matomo login to fail
I can't login anymore after upgrading matomo from 3.9 to 3.12.
I did db upgrade and get stuck outside the app.
Tested with Firefox 70 and Brave 0.70 based on chromium 78
Here error message I get
I tried to reset my password following this page https://matomo.org/faq/how-to/faq_191/ but I still get the same error.
I'm using same computer, same browser than yesterday, no proxy....
thanks for your help.
metfan
All 10 comments
hum, finally I got it work on Microsoft Edge but I still get the error on Firefox and Brave.
metfan
on 30 Oct 2019
Hello,
Do you have any Adblocker ? It could be a reason.
Regards,
JugurthaK
on 3 Nov 2019
Hello @JugurthaK ,
I don't have adblocker on Brave, I disable brave shield but I still have the problem.
I tried on Firefox after I disable uBlock Origin and built in Firefox shield and still have the problem.
Strange it work on Microsoft Edge.
Thanks for your help.
metfan
on 4 Nov 2019
Same issue here. My Firefox 70.0.1 (64-bit), sends Origin: nullto Matomo, which results in this error. That also happens to me on a plain FF installation.
There are no problems with Safari or TorBrowser, they send Origin: https://analytics.foobar.org properly.
xshadow
on 10 Nov 2019
AFAIK some users had issues updating to 3.10 or so. Maybe clearing all cookies helps? Does it work in incognito mode?
I wonder why not more users are experiencing this issue on Firefox or so. Any thoughts? @Findus23 @mattab ?
tsteur
on 10 Nov 2019
Yeah it seems to be like an odd behavior. I would also suspect plugins. I also had this issue before upgrading to 3.12, so it does not has to be introduced in the current release.
Deleting all cookies did not help.
Incognito mode with plugins enabled does not work.
Starting Firefox without Plugins does not help.
xshadow
on 10 Nov 2019
I can reproduce the problem. If you set in your Apache configuration the following header Header set Referrer-Policy "no-referrer"then you are not able to login with a cache cleared FF (all plugins enabled),
xshadow
on 10 Nov 2019
@xshadow would apache always overwrite that header? Or would apache keep a header that we set in Matomo (cause I think we do set a referrer-policy AFAIK)
tsteur
on 11 Nov 2019
As far as I understand the docs "your" header will be overwritten:
set
The response header is set, replacing any previous header with this name.
xshadow
on 11 Nov 2019
Is there anything we could do about this, maybe detect this problem and mention it in the red error message like We detected your web server returned a HTTP header "Referrer-Policy" with the value "no-referrer", which is not compatible with Matomo. Please change your webserver configuration to not set this header "Referrer-Policy"
mattab
on 21 Jan 2020
Related issues
tassoman
路
4Comments
danchello
路
4Comments
hamzahamidi
路
5Comments
jurvi
路
3Comments
Vsevorod
路
4Comments
Most helpful comment
I can reproduce the problem. If you set in your Apache configuration the following header
Header set Referrer-Policy "no-referrer"then you are not able to login with a cache cleared FF (all plugins enabled),