Read the statement by Michael Teeuw here.
MMM-Hue CORS Policy Issue
-
I seem to be having an issue after updating to 2.18 yesterday. MMM-Hue seems not to be working anymore. I get the following error:
Access to XMLHttpRequest at 'http://bridgeip/api/user/groups' from origin 'http://0.0.0.0:8080' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `private`.Has anybody else had the same issue after updating? There are no errors in the logs. The above error is from the Developer Console.
Check out my modules at: https://github.com/mumblebaj?tab=repositories
Check my blog-post: https://mumblebaj.xyz/
Check my MM Container: https://hub.docker.com/repository/docker/mumblebaj/magicmirror/general -
you can test the following, I couldn’t test this completely but the cors error was gone in my tests.
First yo need to create own certs, go into the
configfolder of mm (same folder whereconfig.jsis located) and run this command:openssl req -newkey rsa:4096 \ -x509 \ -sha256 \ -days 3650 \ -nodes \ -out example.crt \ -keyout example.key \ -subj "/C=DE/ST=Hessen/L=Frankfurt/O=MagicMirror/OU=MM/CN=www.example.com"Then edit your
config.jsand add the following lines under the line withvar config = {electronOptions: { webPreferences: { webSecurity: false } }, useHttps: true, httpsPrivateKey: "config/example.key", httpsCertificate: "config/example.crt",(Re)Start mm and test if
MMM-Hueworks now (there will still be a “mixed content” warning). -
This could be caused by the new electron version if you are running this on a raspberry pi.
If so you could test adding
electronOptionsin yourconfig.jslike:let config = { electronOptions: { webPreferences: { webSecurity: false } }, address: "localhost", port: 8080, -
@mumblebaj I have the same issue with the same error, but with MMM-Homematic since the update to MM 2.18. MM cannot connect to my CCU2 controller to get the device statuses.
@karsten13 your proposal unfortunately didn’t work :-( But thanks anyway! -
@fozi I have no test setup so this is difficult without …
-
@karsten13 No worries! I just wanted to let you (and others) know that the config entry does not solve the issue.
I made a little research around CORS and -at least for me- it doesn’t seem to be trivial to configure electron in a way that specific origins are allowed without disabling the CORS policy completely.Anyone around with more knowledge?
-
found this one https://pratikpc.medium.com/bypassing-cors-with-electron-ab7eaf331605 which could be tested in
js/electron.js. -
Thanks @karsten13 , seems like it does not work as mentioned below by @Fozi . Seems like the modules uses jQuery and does a call to the bridge to get the data. Seems like I need to log an issue on Github for the module but it has not been touched in the last 3 to 4 years. I will fork it and see if I can make some changes to get it working. The last suggestion you made below seems like code changes module side so I will see what I can do to change it from jQuery to something that would work. Thanks for the replies.
-
you can test the following, I couldn’t test this completely but the cors error was gone in my tests.
First yo need to create own certs, go into the
configfolder of mm (same folder whereconfig.jsis located) and run this command:openssl req -newkey rsa:4096 \ -x509 \ -sha256 \ -days 3650 \ -nodes \ -out example.crt \ -keyout example.key \ -subj "/C=DE/ST=Hessen/L=Frankfurt/O=MagicMirror/OU=MM/CN=www.example.com"Then edit your
config.jsand add the following lines under the line withvar config = {electronOptions: { webPreferences: { webSecurity: false } }, useHttps: true, httpsPrivateKey: "config/example.key", httpsCertificate: "config/example.crt",(Re)Start mm and test if
MMM-Hueworks now (there will still be a “mixed content” warning). -
@karsten13 Awesome. That worked. Much appreciated for the assist.
-
@karsten13 You are a genius! That worked for me, too! Thanks so much!
-
@fozi thanks but … no
would be better to have a solution without
https, may someone else gets this figured out.As an improvement for the above solution with
https:Holding the certs in the
configdirectory makes them accessible from outside so better move them into a new directory besideconfig, e.g.certswhich is not exposed. Don’t forget to updateconfig.jsafterwards. -
@karsten13 So I have been tinkering with the MMM-Hue module a bit and have replaced
jQuerywhich seems to invokeXMLHttpRequest, withnode-fetch, albeit the older version (2.6.1) of node-fetch, but it now returns data without requiring a certificate and the use of https.Check out my modules at: https://github.com/mumblebaj?tab=repositories
Check my blog-post: https://mumblebaj.xyz/
Check my MM Container: https://hub.docker.com/repository/docker/mumblebaj/magicmirror/general -
The same problem appears to happen with MMM-Homematic. Getting same errors after update to 2.18.0
Access to XMLHttpRequest at 'http://192.168.178.xx/addons/xmlapi/state.cgi?datapoint_id=1824' from origin 'http://0.0.0.0:8080' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space private. -
-
@karsten13 Its working now with:
var config = { electronOptions: { webPreferences: { webSecurity: false } }, useHttps: true, httpsPrivateKey: "config/example.key", httpsCertificate: "config/example.crt", address: "localhost", port: 8080, // address: '0.0.0.0', ipWhitelist: ["127.0.0.1", "::ffff:127.0.0.1", "::1", "::ffff:192.168.178.1/120", "192.168.178.100/24"], language: 'de', modules: [But with this setting, i have noc access the the RemoteControl-GUI and API also! ;(
I really use it with my homeautomation to show/ hide modules.Is there another possibility?
-
you must access the site with
https, e.g.https://192.168.0.143:8080/remote.html -
There is now a new version available for MMM-Homematic that also works w/o changing the config.
-
@carstend Yeah, was just noted, too, about the update.
Some how I ran ino a problem when applying ‘git pull’, so I had to reinstall the module.
First the screen remained black. so I hat to install manually the ‘request’ library manually (see https://forum.magicmirror.builders/topic/15778/fix-for-black-screen-in-2-16-and-later). Now it works! -
@mumblebaj This is the new module I created. Does not require https.
https://github.com/mumblebaj/MMM-PhilipsHue.git
I am sure this will need to be changes once they enforce the headers stuff but for now it will work just fine.
-
@karsten13 said in MMM-Hue CORS Policy Issue:
you must access the site with
https, e.g.https://192.168.0.143:8080/remote.htmlUnfortunatly its not working via https. Still connection refused. I dint think that https://github.com/CatoAntonsen/MMM-MotionEye will update after 5 years.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login