makeWebRequest still broken for local non-SSL requests?

Hi all,

I'm working on a simple widget which should be able to trigger some Node-Red actions via http requests (for house automation system).

Now I've faced the same issue as many of us: the request fails with -1001 (SECURE_CONNECTION_REQUIRED). If I understood the old threads correctly it's because of the security manifest of the Garmin IQ App on my Android phone, which prevents the communication to non-ssl web addresses.

Now I'm wondering what's the current state of this issue, because the last messages talking about it are from 3 years ago or older. Is this really still an issue or did I do something wrong?

Or did someone find a good workaround without changing the network infrastructure (adding certificates, proxy API in the internet) or recompiling the Garmin IQ app (temporary until the next update)?

Any feedback appreciated, thanks!

  • They are seeing a timeout here rather than a 404, which could imply this is not a cert issue. What's also interesting is that the thread you reference states that the watches do not support Let's Encrypt certificates, but that is not my experience. I use Let's Encrypt certificates and have no problems when WLAN, i.e. wifi, is used. I'll reply to that thread since I'd be interested in the "not supported" comment.

  • I think I know why my CA is not working,  is right:

    Android distinguishes between official CAs and CAs added by the user. Apps can decide whether they want to use the user trust store or not.
    The setting can be found in the "network_security_config.xml" of an app and this article

    https://www.instructables.com/About-Communication-Between-Garmin-SDK-and-a-Raspb/

    shows the content of this file for the Garmin app (or at least how it was). Here <certificates src="user" /> is added in debug mode only, meaning my CA is not taken into account in the release version.

    I don't know why error -300 is shown, but I found a different solution which is fine for me. Luckily my router supports custom DNS entries for local devices and my home automation server now has the domain "strava.com". Because the Garmin app allows reaching this site with non-SSL, the HTTP calls are working.
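
An added example (not part of the posts above and not Garmin's code): a small Python audit of an Android `network_security_config.xml` that reports whether user-installed CAs are trusted outside `debug-overrides` and which domains explicitly permit cleartext HTTP. The sample XML and the domain `cleartext.example` are constructed; only explicitly declared settings are examined, not API-level defaults or attributes inherited by nested `domain-config` elements.

```python
import xml.etree.ElementTree as ET

# Constructed sample, NOT the Garmin app's actual file: user CAs are trusted
# only under <debug-overrides>; cleartext is allowed for one placeholder domain.
SAMPLE_CONFIG = """<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">cleartext.example</domain>
    </domain-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>"""


def _sources(node):
    """Return the trust-anchor sources declared directly under node."""
    if node is None:
        return set()
    return {c.get("src") for c in node.findall("./trust-anchors/certificates")}


def audit(xml_text):
    """Summarise explicit trust anchors and cleartext rules of a config."""
    root = ET.fromstring(xml_text)
    base = root.find("base-config")
    release = _sources(base)          # anchors that apply to release builds
    cleartext = []
    for dc in root.iter("domain-config"):
        release |= _sources(dc)       # per-domain anchors also ship in release
        if dc.get("cleartextTrafficPermitted") == "true":
            cleartext += [d.text.strip() for d in dc.findall("domain")]
    debug = _sources(root.find("debug-overrides"))
    return {
        "user_ca_in_release": "user" in release,
        "user_ca_in_debug_only": "user" in debug and "user" not in release,
        "base_cleartext": base is not None
        and base.get("cleartextTrafficPermitted") == "true",
        "cleartext_domains": sorted(cleartext),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
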