We identified (and received reports of) an issue connecting from the SDK website to Misty today. From the perspective of the browser tools, this is reported at a CORS issue. As it turned out, this is a change to Chrome that can be seen here. We’ve updated the SDK website, which restores the previous behavior, but this solution will almost certainly have a limited lifespan as Google plans to deprecate the workaround with version 102 of Chrome. I apologize for the hiccup.
That said, I’m interested in what anybody thinks regarding a potential long term solution. If we’re heading to a world where mixed SSL won’t work, this is going to get complicated. Off the top of my head, I think these are the potential solutions, but I’d really like to hear about any others as these all have drawbacks.
- Host the SDK website and associated content on Misty. This dodges the mixed SSL issue, and if SSL were required, would force the user to accept a self signed cert from the robot.
- Give users documentation around how to register Misty with their network DNS, and tools to install and configure an x509 certificate. This is fine if you have access to good IT resources, but would introduce an onerous process.
- Allow Misty robots to register with a hosted web portal that acts as a proxy, handling certificate validation internally. Users would log in to the portal to access their robot without needing a direct IP connection. The big downside here is building up and maintaining that infrastructure, robot management, and ultimately security concerns around robot access.
Are there other good options?