Turn HTTP API (command `SetOption128 1`) default on for backward compatibility

CHANGELOG.md

@@ -3,7 +3,11 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased] - Development
 
-## [9.5.0.6]
+## [9.5.0.7]
+### Added
+- Turn HTTP API (command ``SetOption128 1``) default on for backward compatibility
+
+## [9.5.0.6] 20210820
 ### Added
 - Version bump to monitor possible HTTP issues releated to ``SetOption128``
 

RELEASENOTES.md

@@ -98,10 +98,11 @@ The latter links can be used for OTA upgrades too like ``OtaUrl http://ota.tasmo
 
 [Complete list](BUILDS.md) of available feature and sensors.
 
-## Changelog v9.5.0.6
+## Changelog v9.5.0.7
 ### Added
 - Release of [Tasmota WebInstaller](https://arendst.github.io/Tasmota-firmware/)
 - Command ``SetOption127 1`` to force Wi-Fi in no-sleep mode even if ``Sleep 0`` is not enabled
+- Command ``SetOption128 0|1`` web referer check disabling HTTP API commands if set to 0. Default set to 1 for backward compatibility [#12828](https://github.com/arendst/Tasmota/issues/12828)
 - Command ``SetSensor1..127 0|1`` to globally disable individual sensor driver
 - Neopool commands ``NPPHRes``, ``NPCLRes`` and ``NPIonRes`` [#12813](https://github.com/arendst/Tasmota/issues/12813)
 - Support for second DNS server
@@ -118,7 +119,6 @@ The latter links can be used for OTA upgrades too like ``OtaUrl http://ota.tasmo
 - Support for CAN bus and Freedom Won Battery Management System by Marius Bezuidenhout [#12651](https://github.com/arendst/Tasmota/issues/12651)
 - Optional IP filter to command ``TCPStart`` [#12806](https://github.com/arendst/Tasmota/issues/12806)
 - Inital support for Wi-Fi extender [#12784](https://github.com/arendst/Tasmota/issues/12784)
-- Command ``SetOption128 1`` disabling web referer check default blocking HTTP web commands [#12828](https://github.com/arendst/Tasmota/issues/12828)
 
 ### Changed
 - Move firmware binaries to https://github.com/arendst/Tasmota-firmware/tree/main/release-firmware

tasmota/settings.ino

@@ -888,6 +888,7 @@ void SettingsDefaultSet2(void) {
   Settings->weblog_level = WEB_LOG_LEVEL;
   SettingsUpdateText(SET_WEBPWD, PSTR(WEB_PASSWORD));
   SettingsUpdateText(SET_CORS, PSTR(CORS_DOMAIN));
+  Settings->flag5.disable_referer_chk |= true;
 
   // Button
   flag.button_restrict |= KEY_DISABLE_MULTIPRESS;
@@ -1395,6 +1396,9 @@ void SettingsDelta(void) {
       SettingsUpdateText(SET_RGX_SSID, PSTR(WIFI_RGX_SSID));
       SettingsUpdateText(SET_RGX_PASSWORD, PSTR(WIFI_RGX_PASSWORD));
     }
+    if (Settings->version < 0x09050007) {
+      Settings->flag5.disable_referer_chk = true;
+    }
 
     Settings->version = VERSION;
     SettingsSave(1);

tasmota/support_command.ino

@@ -568,11 +568,10 @@ void CmndStatus(void)
   if ((0 == payload) || (5 == payload)) {
     Response_P(PSTR("{\"" D_CMND_STATUS D_STATUS5_NETWORK "\":{\"" D_CMND_HOSTNAME "\":\"%s\",\"" D_CMND_IPADDRESS "\":\"%_I\",\""
                           D_JSON_GATEWAY "\":\"%_I\",\"" D_JSON_SUBNETMASK "\":\"%_I\",\"" D_JSON_DNSSERVER "1\":\"%_I\",\"" D_JSON_DNSSERVER "2\":\"%_I\",\""
-                          D_JSON_MAC "\":\"%s\",\"" D_CMND_WEBSERVER "\":%d,\"" D_CMND_WIFICONFIG "\":%d,\"" D_CMND_WIFIPOWER "\":%s,\"" D_HTTP_API "\":\"%s\"}}"),
+                          D_JSON_MAC "\":\"%s\",\"" D_CMND_WEBSERVER "\":%d,\"HTTP_API\":%d,\"" D_CMND_WIFICONFIG "\":%d,\"" D_CMND_WIFIPOWER "\":%s}}"),
                           NetworkHostname(), (uint32_t)NetworkAddress(),
                           Settings->ipv4_address[1], Settings->ipv4_address[2], Settings->ipv4_address[3], Settings->ipv4_address[4],
-                          NetworkMacAddress().c_str(), Settings->webserver, Settings->sta_config, WifiGetOutputPower().c_str(),
+                          NetworkMacAddress().c_str(), Settings->webserver, Settings->flag5.disable_referer_chk, Settings->sta_config, WifiGetOutputPower().c_str());
-                          (Settings->flag5.disable_referer_chk) ? PSTR(D_ENABLED) : PSTR(D_DISABLED) );
     CmndStatusResponse(5);
   }
 

tasmota/tasmota_version.h

@@ -20,6 +20,6 @@
 #ifndef _TASMOTA_VERSION_H_
 #define _TASMOTA_VERSION_H_
 
-const uint32_t VERSION = 0x09050006;
+const uint32_t VERSION = 0x09050007;
 
 #endif  // _TASMOTA_VERSION_H_

tasmota/xdrv_01_webserver.ino

@@ -316,7 +316,7 @@ const char HTTP_FORM_OTHER[] PROGMEM =
   "<br>"
   "<label><b>" D_WEB_ADMIN_PASSWORD "</b><input type='checkbox' onclick='sp(\"wp\")'></label><br><input id='wp' type='password' placeholder=\"" D_WEB_ADMIN_PASSWORD "\" value=\"" D_ASTERISK_PWD "\"><br>"
   "<br>"
-  "<label><input id='b3' type='checkbox'%s><b>" D_HTTP_API_ENABLE "</b></label><br>"  
+  "<label><input id='b3' type='checkbox'%s><b>" D_HTTP_API_ENABLE "</b></label><br>"
   "<label><input id='b1' type='checkbox'%s><b>" D_MQTT_ENABLE "</b></label><br>"
   "<br>"
   "<label><b>" D_DEVICE_NAME "</b> (%s)</label><br><input id='dn' placeholder=\"\" value=\"%s\"><br>"
@@ -667,7 +667,7 @@ bool HttpCheckPriviledgedAccess(bool autorequestauth = true)
         return true;
       }
     }
-    AddLog(LOG_LEVEL_INFO, PSTR(D_LOG_HTTP "Referer denied. Use 'SO128 1' for HTTP API commands. 'Webpassword' is recommended."));
+    AddLog(LOG_LEVEL_INFO, PSTR(D_LOG_HTTP "Referer '%s' denied. Use 'SO128 1' for HTTP API commands. 'Webpassword' is recommended."), referer.c_str());
     return false;
   } else {
     return true;
@@ -2189,7 +2189,7 @@ void OtherSaveSettings(void) {
   cmnd += F(";" D_CMND_SO "3 ");
   cmnd += Webserver->hasArg(F("b1"));
   cmnd += F(";" D_CMND_SO "128 ");
-  cmnd += Webserver->hasArg(F("b3"));  
+  cmnd += Webserver->hasArg(F("b3"));
   cmnd += AddWebCommand(PSTR(D_CMND_DEVICENAME), PSTR("dn"), PSTR("\""));
   char webindex[5];
   char cmnd2[24];                             // ";Module 0;Template "