As I mentioned here, aiohttp unconditionally adds Accept-Encoding: gzip, deflate header, without adding Referer or Origin, so it triggers myStrom's CORS protection
A workaround is to disable CORS protection on the device, but a better solution would be to add Referer or Origin header to avoid compromising security even more.
This protection was introduced in the following firmware versions:
- WS2/WSE/WRS/WLL 3.82.56
- WRB 2.59.32
- WBP/WBS 2.74.36
As I mentioned here, aiohttp unconditionally adds
Accept-Encoding: gzip, deflateheader, without addingRefererorOrigin, so it triggers myStrom's CORS protectionA workaround is to disable CORS protection on the device, but a better solution would be to add
RefererorOriginheader to avoid compromising security even more.This protection was introduced in the following firmware versions: