MMM-Hue CORS Policy Issue

Fozi

@karsten13 You are a genius! That worked for me, too! Thanks so much!

karsten13

@fozi thanks but … no

would be better to have a solution without https, may someone else gets this figured out.

As an improvement for the above solution with https:

Holding the certs in the config directory makes them accessible from outside so better move them into a new directory beside config, e.g. certs which is not exposed. Don’t forget to update config.js afterwards.

mumblebaj

@karsten13 So I have been tinkering with the MMM-Hue module a bit and have replaced jQuery which seems to invoke XMLHttpRequest, with node-fetch, albeit the older version (2.6.1) of node-fetch, but it now returns data without requiring a certificate and the use of https.

CarstenD

The same problem appears to happen with MMM-Homematic. Getting same errors after update to 2.18.0

Access to XMLHttpRequest at 'http://192.168.178.xx/addons/xmlapi/state.cgi?datapoint_id=1824' from origin 'http://0.0.0.0:8080' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space private.

karsten13

@carstend

yes, was already reporty by @Fozi some posts above, MMM-Homematic uses jquery too.

OberfragGER

@karsten13 Its working now with:

var config = 
{
  electronOptions: {
		webPreferences: {
			webSecurity: false
		}
	},
  useHttps: true,
  httpsPrivateKey: "config/example.key",
  httpsCertificate: "config/example.crt",
  address: "localhost", 
  port: 8080,
//  address: '0.0.0.0',
  ipWhitelist: ["127.0.0.1", "::ffff:127.0.0.1", "::1", "::ffff:192.168.178.1/120", "192.168.178.100/24"],
  language: 'de',
  modules: [

But with this setting, i have noc access the the RemoteControl-GUI and API also! ;(
I really use it with my homeautomation to show/ hide modules.

Is there another possibility?

karsten13

@oberfragger

you must access the site with https, e.g. https://192.168.0.143:8080/remote.html

CarstenD

There is now a new version available for MMM-Homematic that also works w/o changing the config.

Fozi

@carstend Yeah, was just noted, too, about the update.
Some how I ran ino a problem when applying ‘git pull’, so I had to reinstall the module.
First the screen remained black. so I hat to install manually the ‘request’ library manually (see https://forum.magicmirror.builders/topic/15778/fix-for-black-screen-in-2-16-and-later). Now it works!

mumblebaj

@mumblebaj This is the new module I created. Does not require https.

https://github.com/mumblebaj/MMM-PhilipsHue.git

I am sure this will need to be changes once they enforce the headers stuff but for now it will work just fine.

OberfragGER

@karsten13 said in MMM-Hue CORS Policy Issue:

@oberfragger

you must access the site with https, e.g. https://192.168.0.143:8080/remote.html

Unfortunatly its not working via https. Still connection refused. I dint think that https://github.com/CatoAntonsen/MMM-MotionEye will update after 5 years.

karsten13

@oberfragger

can you access the mirror with https://<ip-of-pi>:8080?

May you are using a client which is not in the ipWhitelist? You can test this with setting ipWhitelist: [], in your config.js.

OberfragGER

@karsten13 said in MMM-Hue CORS Policy Issue:

https://:8080

No. Thats excactly what im telling you:

When

  address: "localhost", 

then i dont have any access to https://ip-of-pi:8080 or http://ip-of-pi:8080.

When

address: '0.0.0.0',

i have no problem to access Remote-Control-Gui/ Webpage. The ipWhitelist is aready set.

sdetweil

@oberfragger correct… localhost means ONLY apps INSIDE the same machine can connect.

so you could open a browser ON THE PI screen and connect, but not from another device

0.0.0.0 means listen for incoming connections on all network interfaces

(Ethernet and wifi at once, on pi4 if both enabled)

OberfragGER

@sdetweil Thank you for you clarification.
Thats really not good. So i have to decide to get rid og MMM-Motioneye for another camera module which is working…or not to use MMM-Remotecontrol… or not to Update from 2.17 (i have an old image with a fresh install).

sdetweil

@oberfragger you might try with address:“192.168.x.y”

where x and y are from the IP address of the mm machine

OberfragGER

@sdetweil said in MMM-Hue CORS Policy Issue:

@oberfragger you might try with address:“192.168.x.y”

where x and y are from the IP address of the mm machine

Hey @sdetweil,
sorry for the late reply. Thanks for your help, again. With that, i have MM running with 2.18 an d MMM-Motionseye is displaying the stream.

Thanks a lot.

Edit: For anyone who reads this. After set

adress: "192.168.X.X"

the module GoogleBirthdaysProvider was not working any longer due the config of that module.
Just change

url: 'http://localhost:8080/mmm-googlebirthdaysprovider',

to

url: 'http://192.168.X.X:8080/mmm-googlebirthdaysprovider',

sdetweil

@oberfragger just to let you know ip
addresses

192.168
and
10.

are not routable over the internet . they are intended only for local private networks. so having your full address doesn’t allow anyone to access it unless they are also on your network. (if they are on your network, they can find all the active addresses in a few seconds.

my desktop is 192.168.2.106

spitzlbergerj

@CarstenD said in MMM-Hue CORS Policy Issue:

There is now a new version available for MMM-Homematic that also works w/o changing the config.

Hi @CarstenD ,

where can I find this new version? At https://github.com/Sickboy78/MMM-Homematic is still the old version.

Sorry, but i don’t get it

Regards
Josef