Change firmware update dowload links to use https instead of http #2491
Comments
|
@MSoegtrop, the issue you reported does not seem to be reproducible by the maintainer of this project. Please provide additional information and more detail and please try to reproduce your problem with a fresh test installation and try to find other users having the same problems so that they can support your observations. |
|
Sorry, but I cannot reproduce this issue here in a RaspberryMatic standalone installation. In addition, I can perfectly see that the device download URL are always 
So please elaborate further as I think this might be a HomeAssistant Addon issue only and try to identify the root cause by using your browser console and debugging. |
|
Ok, after some further investigation, I think I have found the reason why this does not work for you. The issue seems to be that you might access home assistant via https, but the internal ingress based access to the WebUI is using plain http for performance reasons. But unfortunately the WebUI has some logic to identify if a connection is running under http or https, thus it will present plain http download links in that case but your main home assistant webui is running https, thus this will end up in that cross-security issue which some browsers simply don't like (having external http links in a https page). |
jens-maus
added
🏷️ WebUI
|
@jens-maus : thanks for the investigations - more complicated than I thought. Would it make sense to always use https for firmware downloads? Since this goes to the internet - unlike usually local access to the WebUI - it would make sense from a security point of view to use https even if the WebUI uses http. Performance should not be relevant for such a download. |
|
Already done, this ticket is closed... |
Describe the issue you are experiencing
Modern web browsers (Firefox since a few years) do not allow to click on http download link - they are completely ignored as if they would not exist. As a result one cannot download firware updates advertised from the dialog box which opens from the start page when there is a firmware update. To actually get the link I had to start the Firefox web debugger, look at the HTML, copy the link, undo the & esacping and paste it to the browser address field.
A simple fix would be to change the adresses to https - I just checked that this does work - exactly the same link just replace http with https. This would also be much safer.
Describe the behavior you expected
I can download a firmware update by clicking on the link in the browser.
Steps to reproduce the issue
You need a device with outdated firmware.
Then in the start screen a message
Geräte-Update: | Neue Geräte-Firmware verfügbar (1)appearsClick on this message -> a dialog box appears with a firmware download link
Click on this firmware download link -> in Firefox nothing happens (not even a warning)
What is the version this bug report is based on?
3.71.12.20231020
Which base platform are you running?
rpi3 (RaspberryPi3)
Which HomeMatic/homematicIP radio module are you using?
HM-MOD-RPI-PCB
Anything in the logs that might be useful for us?
Additional information
I am using an original CCU3 and I am running Raspberry Matic under Home Assistant version 11.0 - I am just using a larger and faster SD card (64 GB). RAM is tight but fine - I am running at 70..80% with a few other integrations (Fritzbox, SMA). I am not sure people know that this actually works - I found some discussions on the internet* which suggest it doesn't. In case there is interest, I could write a report on this.
The text was updated successfully, but these errors were encountered: