Complete
over 5 years ago

Garmin Connect Mobile 4.22 for Android includes the changes to allow HTTP on 127.0.0.1.

Connect version 4.20 broke local http access?

Getting several reports of functionality no longer working, it looks like Android Garmin connect app version 4.20 may have broken web request to local host via urls like http://127.0.0.1:17580/sgv.json?count=3

Parents
  • Fair point about exactly where these changes are coming from. I haven't really looked into it, although I would be shocked if they were much more stringent than Apple. My impression is that it's an overly stringent catch-all policy from Garmin, but that's just my educated guess.

    In addition to local addresses (127.0.0.*) and 192.168.* addresses, if it were up to me, I would personally allow HTTP for all of the non-routable addresses (for private networks), since by definition they are not accessible over the internet. If it's on a local/private network, I think it should be fair game for HTTP.

    https://stackoverflow.com/questions/528538/non-routable-ip-address

    'The private address segments (10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, 192.168.0.0 - 192.168.255.255) are commonly referred to as "non-routableaddresses.'

Comment
  • Fair point about exactly where these changes are coming from. I haven't really looked into it, although I would be shocked if they were much more stringent than Apple. My impression is that it's an overly stringent catch-all policy from Garmin, but that's just my educated guess.

    In addition to local addresses (127.0.0.*) and 192.168.* addresses, if it were up to me, I would personally allow HTTP for all of the non-routable addresses (for private networks), since by definition they are not accessible over the internet. If it's on a local/private network, I think it should be fair game for HTTP.

    https://stackoverflow.com/questions/528538/non-routable-ip-address

    'The private address segments (10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, 192.168.0.0 - 192.168.255.255) are commonly referred to as "non-routableaddresses.'

Children
  • totally agree.

    desired behaviour should be allow http for localhost and local/private network, to allow to communicate with devices the local network.

    In addition: If for whatever reaon https is enforced, the error code should be correct (1001 instead of 300), Because with current implementation, i cannot create the correct user friendly error to the user.

  • Yes I understand what you meant too. I just don't see why you'd limit it to 192.168.* and not include 10.* and 172.16.*.

    Some orgs use all 3. To be fair, most consumers wouldn't.

  • Sorry: obviously I should amend my post to read:

    "e.g. If your IP address is 192.168.0.1, then no router will ever pass traffic between you and the internet."

  • I understand that.  It's just that 192.168 is the most common being class C and the default on may things.  There's one block for class A, one for class B and one for class C addresses

  • To be clear, the IPv4 (and IPv6) standards already have clear notions of which IP addresses are local/private/non-routable and which are not (as alluded to above). e.g. If your IP address is 192.168.0.1, then no router will ever pass traffic between you and another network. My understanding is that Apple chose to allow HTTP for all IP addresses, but they could've easily just decided to apply that policy to the non-routable IP addresses.