
Allow requests to internal IPs

Open kosimst opened this issue 2 years ago • 2 comments

Is your feature request related to a problem? Please describe.
My ioBroker instance is hosted in a private network and cannot be reached from outside. I would like to access the API from a Web App I plan to host publicly. As CORS blocks any requests to internal IPs, this is not possible at the moment.

Describe the solution you'd like
In order to allow websites to reach the API on an internal IP, Simple API needs to respond to a preflight request from the browser. Details are described here: https://developer.chrome.com/blog/private-network-access-preflight/. For optimal control and security, two additional options would need to be added to the admin settings page: one checkbox to enable/disable internal IP access. This reflects on the response to the preflight response. The second option would be an input for domains allowed to access the API on a private IP.

Describe alternatives you've considered
Without this option, web apps either need to be hosted inside the same private network as the Simple API instance or Simple API needs to be accessible from the outside.

kosimst, Jun 08 '22 19:06

I think this would then also be (more) relevant for the web adapter and potentially more adapters with their own HTTP server

Apollon77, Jun 09 '22 06:06

Not necessarily for the web adapter, I don't think any web app would need to access the ioBroker UI. My use case only depends on this API, so I can't speak for other adapters with a web server. I tried to implement it myself on a fork of this adapter, but I didn't find a way to implement the two additional options. In the actual backend, I think there would only be an additional endpoint handler for OPTION requests necessary that sets the required headers accordingly.

kosimst, Jun 09 '22 18:06
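
A sketch of the preflight handling discussed in this thread, added here as an illustration; it is not code from the issue or from the adapter. The setting names `allowPrivateNetwork` and `allowedOrigins` and the origin value are hypothetical stand-ins for the proposed checkbox and domain input.

```javascript
// Hypothetical adapter settings (names are assumptions, not simple-api options):
// the checkbox and the allowed-domain input proposed in the issue.
const settings = {
    allowPrivateNetwork: true,
    allowedOrigins: ['https://app.example.com'], // constructed sample value
};

// Decide the response to a CORS / Private Network Access preflight.
// Returns { status, headers } so the decision can be checked without a socket.
function preflightResponse(reqHeaders, cfg) {
    const origin = reqHeaders['origin'];
    const headers = { Vary: 'Origin' };

    // Exact-match allowlist: never reflect an arbitrary Origin back.
    if (!origin || !cfg.allowedOrigins.includes(origin)) {
        return { status: 403, headers };
    }
    headers['Access-Control-Allow-Origin'] = origin;
    headers['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS';
    headers['Access-Control-Allow-Headers'] = 'Content-Type';

    // The browser marks a request into a private network with this header.
    if (reqHeaders['access-control-request-private-network'] === 'true') {
        if (!cfg.allowPrivateNetwork) {
            // Without the allow header the browser blocks the real request.
            return { status: 403, headers: { Vary: 'Origin' } };
        }
        headers['Access-Control-Allow-Private-Network'] = 'true';
    }
    return { status: 204, headers };
}

// Request handler, usable as http.createServer(handleRequest).
function handleRequest(req, res) {
    if (req.method === 'OPTIONS') {
        const { status, headers } = preflightResponse(req.headers, settings);
        res.writeHead(status, headers);
        return res.end();
    }
    // The actual response needs Access-Control-Allow-Origin from the same allowlist.
    const origin = req.headers['origin'];
    const headers = { 'Content-Type': 'text/plain', Vary: 'Origin' };
    if (settings.allowedOrigins.includes(origin)) {
        headers['Access-Control-Allow-Origin'] = origin;
    }
    res.writeHead(200, headers);
    res.end('ok'); // placeholder for the adapter's normal API handling
}
```

The private-network allow header is only ever sent to an origin on the allowlist, so enabling the checkbox alone does not open the API to arbitrary public sites.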