Accessing HE using https stops dashboards working

mattias · March 29, 2019, 6:45pm

I just noticed that when I connect to my HE over https I cannot open any of my local dashboards. They show up in the list of dashboards, but nothing happens when I click on them to open them. It works fine using http. I'm using version 2.0.8 of HE

patrick · March 29, 2019, 7:04pm

Assuming on the latest version on chrome?

Try clicking the top "Dashboard Menu" to escape the iframe and you should be able to use your dashboards.

mattias · March 29, 2019, 7:16pm

That works. Thank you! Is there a fix for this planned so it can be used in the iframe, using Chrome?

patrick · March 29, 2019, 7:30pm

Sure, fix is planned, once we find the cause... Think this is due to a recent chrome change to block mixed content.

mattias · March 29, 2019, 8:20pm

Ah, so the dashboards are only display in http? I presume there is some underlying challenge with dashboards that prevents you from publishing them using https?

patrick · March 29, 2019, 8:37pm

They work fine over ssl / https... Something in the dashboard menu is not sending it correctly when in the iframe. Haven't had a chance to dive in and see what the root cause is. But escaping the iframe makes it work. You can switch any dashboard link to https and it will work. Except possibly where browsers like iOS block unsigned certs to websockets.

lpakula · October 23, 2022, 11:19pm

Poking this thread since I have the same issue. What I've experiencing is the dashboard local links all have the IP hardcoded into them (not the hostname) so the SSL fails and the dashboard won't load.

If I copy the link that fails, and replace it with a hostname, then it works.

IE:
This is the link that Hubitat is using:
https://192.168.2.1/apps/api/1/dashboard/1?access_token=&local=true

But it needs to be:
https://hubitat.localdomain.com/apps/api/1/dashboard/1?access_token=&local=true

ksarnelli · December 9, 2022, 5:48pm

I'd like to bump this thread too - this has been an annoyance for me for years. What @lpakula described is accurate.

bigjohns97 · August 24, 2023, 2:27pm

Same issue happening to me, basically keeps me from being able to use SSL.

EDIT: I found a workaround...

Open your hubitat using ssl locally using the FQDN
Go to your dashboard and copy the URL in the error in chrome (hover over iframe) with the token ID
Paste this into your address bar in chrome (should be the local IP) and then click the not secure and go to site settings
scroll down to unsecure content and change the Block (default) to allow.

This will only allow unsecure content at the IP address on your LAN in this browser, I was unable to make this change on a mobile version of chrome, so just use the cloud version from mobile.

IMO it would really be nice if when enabling SSL you were allowed to set the FQDN referenced when hitting the local dashboards.