As I mentioned here, aiohttp unconditionally adds an `Accept-Encoding: gzip, deflate` header without adding `Referer` or `Origin`, so it triggers myStrom's CORS protection.
A workaround is to disable CORS protection on the device, but a better solution would be to add a `Referer` or `Origin` header to avoid compromising security even more.
This protection was introduced in the following firmware versions:
- WS2/WSE/WRS/WLL 3.82.56
- WRB 2.59.32
- WBP/WBS 2.74.36