Skip to content

Allow web cron via POST #14190

New issue
New issue
Closed
#17703
Closed
Allow web cron via POST#14190
#17703
Assignees
justinvelluppillai
Labels
Help wantedBeginner friendly issues or issues where we'd highly appreciate community's help and involvement.c: SecurityFor issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
@Findus23

Description

@Findus23
Findus23
opened on Mar 12, 2019

I just noticed that the Web Cron Docs recommends accessing this URL (I just updated it to include https)
https://matomo.your-server.example/path/to/piwik/misc/cron/archive.php?token_auth=XYZ

Sending the admin token via GET isn't ideal, but it seems to be hardcoded:

matomo/misc/cron/archive.php

Line 60 in 7edf461

if(!isset($_GET['token_auth'])) {

Would it be possible to update the script to support POST (and mention it in the docs) or maybe even recommend people to directly call CoreAdminHome.runCronArchiving?

Metadata

Metadata

Assignees

Labels

Help wantedBeginner friendly issues or issues where we'd highly appreciate community's help and involvement.c: SecurityFor issues that make Matomo more secure. Please report issues through HackerOne and not in Github.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions