Fix: allow HTTP and local URL connections to Home Assistant

CSP only allowed wss/https, and macOS ATS blocked cleartext HTTP to
local domains and IPs — causing connection failures for the default
HA setup (http + mDNS). Add ws/http to CSP, enable ATS local
networking, and detect ATS errors in error normalization.

Author: tiagonoronha

src-tauri/Info.plist

@@ -8,5 +8,10 @@
     <string/>
     <key>CFBundleIconName</key>
     <string>AppIcon</string>
+    <key>NSAppTransportSecurity</key>
+    <dict>
+      <key>NSAllowsLocalNetworking</key>
+      <true/>
+    </dict>
   </dict>
 </plist>

src-tauri/tauri.conf.json

@@ -27,7 +27,7 @@
       "iconAsTemplate": true
     },
     "security": {
-      "csp": "default-src 'self'; script-src 'self'; connect-src 'self' wss://* https://*; style-src 'self' 'unsafe-inline'; img-src 'self' data:;"
+      "csp": "default-src 'self'; script-src 'self'; connect-src 'self' wss://* ws://* https://* http://*; style-src 'self' 'unsafe-inline'; img-src 'self' data:;"
     }
   },
   "bundle": {

src/shared/errorNormalization.ts

@@ -73,6 +73,14 @@ export function normalizeConnectionError(
   if (str.includes("timeout") || str.includes("timed out")) {
     return "Connection timed out. The server may be unreachable.";
   }
+  if (
+    str.includes("cleartext") ||
+    str.includes("app transport security") ||
+    str.includes("ats") ||
+    str.includes("insecure load")
+  ) {
+    return "Cleartext HTTP blocked by macOS App Transport Security. Use https:// or a .local address.";
+  }
 
   return typeof errCode === "string" ? errCode : `Connection error: ${errCode}`;
 }