-
Notifications
You must be signed in to change notification settings - Fork 602
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow GET method on /auth with BasicAuth #2407
Conversation
24f8a32
to
a50a396
Compare
Tested. Ready for review |
a50a396
to
07bd383
Compare
supervisor/api/auth.py
Outdated
if request.method == "GET": | ||
raise HTTPBadRequest( | ||
text="URL encoded auth requires HTTP POST instead of GET" | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Of curse, that is correct, but do we need to guide people there? We can still just accept GET without future validation if GET or POST.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I removed those checks. It becomes a one line pull request :-)
As suggested on home-assistant#2407 (review)
As suggested on home-assistant#2407 (review)
5244c4f
to
fddfce3
Compare
Really nice addition! Thanks, @zeehio 👍 |
Proposed change
nginx has a convenient feature named Authentication Based on Subrequest Result which allows to grant/deny access using basic authentication based on the result of a subrequest. That nginx module however only works with GET requests.
This Pull Requests allows users to provide auth credentials using Basic Auth in a GET request. This is convenient because it is then possible to use nginx to authenticate a third party app. Within the nginx server directive an add-on developer could use something like:
Type of change
Additional information
Checklist
black --fast supervisor tests
)If API endpoints of add-on configuration are added/changed: