I was having this same problem, and just upgraded to 2.2.2.129 and it solved my problems too!
3 Likes
I'm away on holiday so will check the fix for my setup when I get back home soon!
1 Like
Just got back from holiday and it looks like the bug is fixed for me. My dashboard is now updating again properly. Thank you!
Now that I'm making more use of Hubitat I need CORS support. When 40 or so endpoints and dynamic addresses I can't maintain a list of all of them. I need a flag that opens up CORS for all my local addresses.
You have 40 or so web apps connecting to Hubitat and the only problem is you can't maintain a list of the apps? Interesting.
CORS has no mechanism for this. How would you imagine specifying/defining what "all local addresses" means?
1 Like
I do this all the time on my own software -- I simply do CORS for all local connections. CORS says nothing at all about the policy -- it's up to the app to decide which connections to accept. An "accept all" or "accept all local" would work just fine.
As to managing a list of over 250 endpoints that are constantly changing. That's why I chose to use DHCP for your home network. It is the computer's job to keep track not mine
192.168.0.1/*
Yes. Also DHCP info or "private address range" or 172.20.0.1/22.
OK... OK... OK...
This thread is specifically for Maker API. A general discussion on CORS, or name resolution, should be moved to a new thread.
CORS is essential for using hte Maker API from the browser.
Well, I'll add on the commiserate "for you" on that statement, as that is not a universal truth.
Anyway, @bcopeland do you know what ever happened to the Maker API CORS fix? I know it was rolled back due to issues, but as far as I know it died there. Is the fix still being worked on?
There's also the need for an https option for browser apps.
Was it?.. I thought we were done with this
I’ll check into it
I think so? Not 100% though.
File a separate thread/feature request for that.
2 Likes
We ran into security issues, and pulled back from this. This is not a priority for us just now.
2 Likes
This is not happening. It is not possible to get a public certificate for LAN access. This has been discussed ad nauseam before.
4 Likes
I too used to think you couldn't get a cert for a local device but finally realized all a cert does it attest that the string you used matches that in the cert. You can use the ACME protocol with LetsEncrypt to insert a TXT record into the DNS zone file and then get a specific or wildcard cert. It's working very well within my LAN for devices with no external visibility.
Of course, CORS is a security issue but it's minor compared with using HTTP and depending upon perimeter security. So if we accept HTTP then I'm not sure why CORS would be an issue.
