Hi,
I have a domain to access my homeassistant from WAN which I currently access by going to my-domain.com:8123.
I wanted to improve security by masking the domain so I added a masked URL redirect record to redirect ha.my-domain.com to my-domain.com:8123.
The problem is that the redirect is failing on multiple browsers. Opera fails with: ERR_BLOCKED_BY_RESPONSE and Firefox also fails with To protect your security,your-domain.com will not allow Firefox to display the page if another site has embedded it. To see this page, you need to open it in a new window.
Also probably important to note that my domain is not SSL secured so it might also be something causing my browsers to fail.
Does anyone have an idea how to resolve the redirect issue? Whether something can be done in HA configs or do I need to add an nginx to the mix?
Thanks
Are 3rd party cookies blocked?
Nope, they are enabled on both browsers
Are you using iframe in your dashboard?
I’m not sure because the redirect should send me to the homeassistant login page, which from checking the source code does not use an iframe.
From what I remember this is most likely the issue. It’s called “Mixed Content”
It has to be the SSL certificate or the redirect is not correct. I downloaded FF and maxed out the security settings. I was still able to access via HTTP and HTTPS.
1 Like
Sadly, my domain provider (Namecheap) does not support HTTPS redirection. This is a huge bummer. Also 3rd party redirects did not work (I tried domain-redirect.com).
I just want to confirm one last time. Is this for sure in your opinion a web problem (either insecure redirect or trying to access a non HTTP/HTTPS port) rather than a potential problem with the HA implementation causing it to be considered insecure by browsers?
I know the redirect requires this…
I would lean towards a configuration issue.
2 Likes
