SOLVED MMM-Hue CORS Policy Issue
-
I seem to be having an issue after updating to 2.18 yesterday. MMM-Hue seems not to be working anymore. I get the following error:
Access to XMLHttpRequest at 'http://bridgeip/api/user/groups' from origin 'http://0.0.0.0:8080' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `private`.Has anybody else had the same issue after updating? There are no errors in the logs. The above error is from the Developer Console.
-
you can test the following, I couldn’t test this completely but the cors error was gone in my tests.
First yo need to create own certs, go into the
configfolder of mm (same folder whereconfig.jsis located) and run this command:openssl req -newkey rsa:4096 \ -x509 \ -sha256 \ -days 3650 \ -nodes \ -out example.crt \ -keyout example.key \ -subj "/C=DE/ST=Hessen/L=Frankfurt/O=MagicMirror/OU=MM/CN=www.example.com"Then edit your
config.jsand add the following lines under the line withvar config = {electronOptions: { webPreferences: { webSecurity: false } }, useHttps: true, httpsPrivateKey: "config/example.key", httpsCertificate: "config/example.crt",(Re)Start mm and test if
MMM-Hueworks now (there will still be a “mixed content” warning). -
This could be caused by the new electron version if you are running this on a raspberry pi.
If so you could test adding
electronOptionsin yourconfig.jslike:let config = { electronOptions: { webPreferences: { webSecurity: false } }, address: "localhost", port: 8080, -
@mumblebaj I have the same issue with the same error, but with MMM-Homematic since the update to MM 2.18. MM cannot connect to my CCU2 controller to get the device statuses.
@karsten13 your proposal unfortunately didn’t work
But thanks anyway! -
@fozi I have no test setup so this is difficult without …
-
@karsten13 No worries! I just wanted to let you (and others) know that the config entry does not solve the issue.
I made a little research around CORS and -at least for me- it doesn’t seem to be trivial to configure electron in a way that specific origins are allowed without disabling the CORS policy completely.Anyone around with more knowledge?
-
found this one https://pratikpc.medium.com/bypassing-cors-with-electron-ab7eaf331605 which could be tested in
js/electron.js. -
Thanks @karsten13 , seems like it does not work as mentioned below by @Fozi . Seems like the modules uses jQuery and does a call to the bridge to get the data. Seems like I need to log an issue on Github for the module but it has not been touched in the last 3 to 4 years. I will fork it and see if I can make some changes to get it working. The last suggestion you made below seems like code changes module side so I will see what I can do to change it from jQuery to something that would work. Thanks for the replies.
-
you can test the following, I couldn’t test this completely but the cors error was gone in my tests.
First yo need to create own certs, go into the
configfolder of mm (same folder whereconfig.jsis located) and run this command:openssl req -newkey rsa:4096 \ -x509 \ -sha256 \ -days 3650 \ -nodes \ -out example.crt \ -keyout example.key \ -subj "/C=DE/ST=Hessen/L=Frankfurt/O=MagicMirror/OU=MM/CN=www.example.com"Then edit your
config.jsand add the following lines under the line withvar config = {electronOptions: { webPreferences: { webSecurity: false } }, useHttps: true, httpsPrivateKey: "config/example.key", httpsCertificate: "config/example.crt",(Re)Start mm and test if
MMM-Hueworks now (there will still be a “mixed content” warning). -
@karsten13 Awesome. That worked. Much appreciated for the assist.
-
@karsten13 You are a genius! That worked for me, too! Thanks so much!
