Smart Light CORS Issue

#1

Dear All,

When using the PWA web app, i face an error, below are steps:

  1. Connect wifi to the AP of esp8266
  2. Click on "Scan:
  3. Open console of browser

I get the following error:

Access to XMLHttpRequest at 'http://192.168.4.1/GetKey' from origin 'http://mdash.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
app.js:336 Error:  Error: Network Error
    at e.exports (spread.js:25)
    at XMLHttpRequest.l.onerror (spread.js:25)

What shall I do to solve, this is a CORS issue.

#2

We have run into CORS issues as well with mDash devices. It can be a real challenge.

While I am not an authority here, we have learned the hard way that CORS issues can crop up when you attempt to access an insecure host (e.g. HTTP server on your ESP8266 or ESP32) from a secure (HTTPS) website.

Your success will depend largely on the policies of the host that is attempting to make an HTTP connection to your mDash ESP device. Most modern static web hosting sites will not allow you to open HTTP link from your site in the name of security. They enforce mandatory HTTPS and if your target endpoint doesn’t support it then you are out of luck.

This is a major bummer since you can’t use sites like Netlify, FireBase, Zeit and other top-tier hosts. Yes, you can use mDash’s built-in web host - it doesn’t enforce this restriction but it lacks many of the features of the established players.

Are you trying to access your ESP device from a custom web site? If so, who is your host?

-AD