frontend Home Assistant pages fail to load due to CORS policy / security errors

Home Assistant pages fail to load due to CORS policy / security errors

Open mprobst opened this issue 5 months ago • 1 comments

Checklist

[X] I have updated to the latest available Home Assistant version.
[X] I have cleared the cache of my browser.
[X] I have tried a different browser to see if it is related to my browser.
[ ] I have tried reproducing the issue in safe mode to rule out problems with unsupported custom resources.

Describe the issue you are experiencing

Various sub-pages in Home Assistant fail to load on my installation. It appears that some CORS header isn't set correctly in the server response when dynamically loading additional JavaScript snippets.

Screenshot 2024-02-28 200921

Note the log entries:

Access to script at 'http://lokalhorst:8123/frontend_latest/44356.ka0DMKv3Wu4.js' from origin 'http://lokalhorst:8123' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `private`.
44356.ka0DMKv3Wu4.js:1 
Failed to load resource: net::ERR_FAILED

This happens in latest Chrome (121.0.6167.185), but not (yet?) in latest Firefox (123.0).

Describe the behavior you expected

Should load the pages on navigation.

Steps to reproduce the issue

Clear all browser caches.
Navigate to my Home Assistant (http://lokalhorst:8123, i.e. non-SSL, using a hostname. Not sure if that's required)
Navigate to a sub-page, e.g. media or energy
Observe the failure

Strangely enough this appears to only happen on first attempt (and then persistently), but when I close the tab and try again, things work. Maybe there's some caching effect?

What version of Home Assistant Core has the issue?

core-2024.2.4

What was the last working version of Home Assistant Core?

No response

In which browser are you experiencing the issue with?

Google Chrome 121.0.6167.185

Which operating system are you using to run this browser?

Windows 11

State of relevant entities

No response

Problem-relevant frontend configuration

No response

Javascript errors shown in your browser console/inspector

No response

Additional information

No response

Feb 28 '24 19:02 mprobst

frontend frontend copied to clipboard

Home Assistant pages fail to load due to CORS policy / security errors

Checklist

Describe the issue you are experiencing

Describe the behavior you expected

Steps to reproduce the issue

What version of Home Assistant Core has the issue?

What was the last working version of Home Assistant Core?

In which browser are you experiencing the issue with?

Which operating system are you using to run this browser?

State of relevant entities

Problem-relevant frontend configuration

Javascript errors shown in your browser console/inspector

Additional information

frontend
frontend copied to clipboard