python-mystrom icon indicating copy to clipboard operation
python-mystrom copied to clipboard
verified publisher icon home-assistant-ecosystem

Handle CORS protection

Open shastah opened this issue 4 years ago • 0 comments

As I mentioned here, aiohttp unconditionally adds Accept-Encoding: gzip, deflate header, without adding Referer or Origin, so it triggers myStrom's CORS protection

A workaround is to disable CORS protection on the device, but a better solution would be to add Referer or Origin header to avoid compromising security even more.

This protection was introduced in the following firmware versions:

  • WS2/WSE/WRS/WLL 3.82.56
  • WRB 2.59.32
  • WBP/WBS 2.74.36

shastah avatar Sep 03 '21 23:09 shastah