Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configuration v2 fails due to Mixed Content #447

Closed
jalmeroth opened this issue Dec 13, 2017 · 6 comments · Fixed by homieiot/homie-esp8266-setup#9
Closed

Configuration v2 fails due to Mixed Content #447

jalmeroth opened this issue Dec 13, 2017 · 6 comments · Fixed by homieiot/homie-esp8266-setup#9
Assignees
@timpur
Labels
docs
Milestone
v2.1.0

Comments

@jalmeroth
Copy link

I am trying to configure the latest dev-version of Homie 2 (f605adf).

When using the Configurator v2 (probably 03034c6) I am receiving an error in Chrome 63.0.3239.84 (Official Build) (64-bit) and other browsers:

Mixed Content: The page at 'https://marvinroger.github.io/homie-esp8266/configurators/v2/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://192.168.123.1/heart'. This request has been blocked; the content must be served over HTTPS.
@timpur
Copy link
Contributor

timpur commented Dec 14, 2017
edited
Loading

try load it over http ? http://marvinroger.github.io/homie-esp8266/configurators/v2/

your issue is with chrome and really nothing to do with homie, but if you continue to have issues i recommend to actually load the config via your esp itself (this is also in the docs)(http://marvinroger.github.io/homie-esp8266/docs/develop/advanced-usage/ui-bundle/)

@jalmeroth
Copy link
Author

Well, this is not a Chrome issue, it's common, modern browser security. Read more about this here: https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content#Mixed_active_content.
The HTTPS site is linked here for example: https://marvinroger.github.io/homie-esp8266/.
I will test the non-HTTPS site later, but it will presumably lead to #446. :)

@marvinroger
Copy link
Member

Well that’s right, the configurator MUST be loaded over HTTP. I thought it was written in the docs, I might have forget that.

@timpur timpur self-assigned this Dec 16, 2017
@timpur timpur added the docs label Dec 16, 2017
@timpur timpur added this to the v2.1.0 milestone Dec 30, 2017
@stritti
Copy link
Collaborator

stritti commented Jan 3, 2020

No progress for long time. Closing issue.

@stritti stritti closed this as completed Jan 3, 2020
@danielwegener
Copy link

danielwegener commented Jan 17, 2020
edited
Loading

Well, a user-friendly fix would be to let the configurator page to reload itself via http if it detects that it is loaded via https. E.g. via document.location.protocol. Or to simply display a warning with a generated link to the current location via http (many hosting locations may decide to enforce https via HSTS which would end in an infinit redirect loop).

@stritti
Copy link
Collaborator

stritti commented Jan 18, 2020

@danielwegener PR is welcome 😀

danielwegener added a commit to danielwegener/homie-esp8266-setup that referenced this issue Jan 18, 2020
@danielwegener
Show mixed content warning
eb97236 
Fixes homieiot/homie-esp8266/issues/447
/cc @stritti
@danielwegener danielwegener mentioned this issue Jan 18, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@timpur timpur

Labels
docs
Projects
None yet
Milestone
v2.1.0
Development

Successfully merging a pull request may close this issue.

Show mixed content warning danielwegener/homie-esp8266-setup
5 participants
@stritti @marvinroger @danielwegener @jalmeroth @timpur