Roku Developer Program

Join our online forum to talk to Roku developers and fellow channel creators. Ask questions, share tips with the community, and find helpful resources.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
acicali
Reel Rookie

ECP going away? CORS-RFC1918

Hi,

I created a web-based Roku remote using ECP that I've been using for over a year. Recently it stopped working in Google Chrome because requests from public hosts to private networks has been deprecated (CORS-RFC1918).

None of the proposed solutions seem possible with ECP (https://developer.chrome.com/blog/private-network-access-update/#accessing-private-ip-addresses).

Has anyone else had experience with this? Are there any solutions being considered by Roku so that ECP remains accessible into the future?

Thanks for reading.

4 REPLIES 4
baby
Channel Surfer

Re: ECP going away? CORS-RFC1918

Same issue here.....

0 Kudos
acicali
Reel Rookie

Re: ECP going away? CORS-RFC1918

What I did to resolve this was to replace my fetch / XMLHttpRequests with form posts. A simple service that creates a form element via document.createElement('form'), then sets it's method to POST, it's action to the desired Roku endpoint (e.g. "http://192.168.1.25:8060/keypress/Play") and finally, calls submit() on the form.

I hope this helps!

baby
Channel Surfer

Re: ECP going away? CORS-RFC1918

That fixes that, yes, but Roku is now evidently inspecting the host and/or referrer header to make sure that the request comes from the same network, and throwing 403 forbidden otherwise.

I'm using a website on another network to show the web gui, and although it is technically the local client doing the requests directly to 192.168.x.x, the Roku is somehow seeing the website address and throwing 403.

If I run the exact same html manually/directly from chrome instead of loading it from the website, it works properly.

This is due to another security feature:  https://community.roku.com/t5/Roku-Developer-Program/External-Control-API-suddenly-returns-403-Forbi...

 

0 Kudos
acicali
Reel Rookie

Re: ECP going away? CORS-RFC1918

I know this post is old, but that seems to be an unrelated issue caused by using a hostname instead of the IP address.

Making your ECP requests to the device via IP address should resolve that issue.

0 Kudos