allow API access on http port tcp/80

[pvdputte]

Please let the API listen on tcp/80 as well.

There is no authentication anyway and the self-signed https certificate makes life hard for no reason. My home automation plainly refuses to talk to it.

While I'm technical enough to set up a reverse proxy to present the same API without a certificate, this feels silly and is not customer-friendly. It could be open by default or an optional switch.

Alternatively provide a way to replace the self-signed certificate with a trusted one.

 

[hgo58]

Please let the API listen on tcp/80 as well.

There is no authentication anyway and the self-signed https certificate makes life hard for no reason. My home automation plainly refuses to talk to it.

While I'm technical enough to set up a reverse proxy to present the same API without a certificate, this feels silly and is not customer-friendly. It could be open by default or an optional switch.

Alternatively provide a way to replace the self-signed certificate with a trusted one.

Yes. @WiiM Team It makes absolutely no sense to have encryption on this interface on a local network. It do not protect anything.

 

[cc_rider]

Yep, the older Linkplay modules had port 80 open, and even had an HTML UI on it. Not sure why they blocked it on the newer modules. The UPnP/DLNA interface is open, though, and has more functionality than the https interface.

 

[hgo58]

Yep, the older Linkplay modules had port 80 open, and even had an HTML UI on it. Not sure why they blocked it on the newer modules.

Probably because the general misunderstandings about the security of HTTPS versus HTTP.

HTTPS is secure against the "man in the middle" attacks and nothing else. So make no sense on a private network.

 

[pvdputte]

Hmm. I should have posted this in the feature requests section.

 

[QuarryHunslet]

Hmm. I should have posted this in the feature requests section.

Moved to feature request fotum.

 

[johnsmallberries]

I would add also that in the meantime, if you cannot listen to port 80, then at least allow the user to replace the certificate that comes with the devices. www.linkplay.com is not very helpful. I could of course proxy it to 80 with some software, or make a hosts entry to put it on my local network that way (but it would only work for one device since I assume all these devices are coming with the same cert). If I could replace it then I could get a wildcard cert for my domain and load it onto the device(s)