I’m writing a single page (web) application as a custom Frontend for Home Assistant. I want to use JS to talk to the HA APIs. I’m running into the dreaded Cross-Origin Request Blocked error. I have configured HA according to the documentation, putting the http integration option relating to CORS in configuration.yaml:
http:
cors_allowed_origins:
- http://ymir.local
I’m still getting the Cross-Origin Request Blocked error even though the request specifies http://ymir.local as the Origin:
Host: hassio.local:13793
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:73.0) Gecko/20100101 Firefox/73.0
Accept: */*
Accept-Language: en-US,en;q=0.7,nl;q=0.3
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: http://ymir.local/
Origin: http://ymir.local
DNT: 1
Connection: keep-alive
The error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://hassio.local:8123/api. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://hassio.local:8123/api. (Reason: CORS request did not succeed).
Has anyone made this work? Am I missing a trick?
Thanks in advance.