Update seems to require port 80 open in firewall?

So I had my pi4 running latest and greatest Home Assistant for a while now. Just works perfect.

Out of random reason I decided to put packet filtering ON in my firewall, and well I don’t seem to like port 80 (http) communication anymore, so I only allowed port 443 (https). Everything seems to work, except the upgrade process in Home Assistant. After some digging around I noticed that Home Assistant during the upgrade process seems to like to open port 80 against IP (Cloudflare as far as I can tell). And port 443 of course…

So why do the upgrade process need port 80? Could this be changed to only use port 443? I can see no real reason to why port 80 is needed???

Possibly related to this?? Same cause I mean

Short answer from link (re:addons needing port 80 for update) seemed to be that network manager uses it…its standard practice…further discussion needed before consider changing

Not directly related to HA, but things like linux packages are often sent over http, so this isn’t unusual for HA to do something similar.

Yepp, that bug is the same for sure. It was a plugin at the two times I have encountered it so far.

Strange to call it standard practice, when it comes to security - MITM in all good and bad, but http (port 80) is a joke.