History API CORS issue #386
Comments
|
Totally forgot about it, however it doesn't look like it is working for API. |
|
Yes, I also can't seem to make it work... I've tried with a "postman" kind of app and it worked that way (with token taken from TileBoard). It seems to fail from Tileboard because the browser triggers OPTIONS request that HA doesn't seem to be handling properly (405 Method Not Allowed). The OPTIONS request is made because request is "non-simple" due to having |
|
I haven't seen such an error. But my Tileboard is served by HA's |
|
To be more solution-oriented: it seems the issue linked above also has an easy fix. Maybe it's best to open a PR to HA's core with it? To be pessimistic again: my recent experience with a PR of mine leads me to think it will take some substantial amount of time until we get this merged... |
|
Keeping all files in www directory, especially if you hardcode the token is a big security risk. I've even added a warning to our readme file today. I rarely use charts anyway but it is something which would be nice to get fixed. I've tried creating a PR in the past and gave up :) |
|
My Tileboard is only available on my local network and the token is not hardcoded. So, I figured it should be ok to have everything in www. However, as it's not recommended, we should try to get a fix into HA... |
|
If I read this right, |
|
Yes, does look like it. Comes from |
|
I'm getting this error when using a different server to host tileboard
Is this releated to this issue at all? I'll try hosting tileboard on the same machine as HA in order to test. |
|
I tested this and I don't get the error:
I might miss something by not setting up a real second server... |
|
I've just spent some hours debugging this and came to the conclusion that the history component just don't allow CORS requests. There is a Not sure if that would be a bug or a feature request. I'll probably file the issue eventually. |
|
Thanks for making HA issue 39727 - I do remember that the History graphs used to work without any CORS errors on an older version of Home Assistant Core I think it was pre 0.107.x, as with 0.107.0 they removed the If I get a spare machine / VM at some point I should be able to test if pre 0.107.x, and if it works I'll see if I can add my results into HA issue 39727 :) |
|
It works for me in |
I'm curious if there are OPTIONS requests triggered in your case:
I suppose they are if it only worked after setting Not sure why it wouldn't work here even with proper origin set. Is it because |
|
There is no OPTIONS request, if I interpret this right: EDIT: And it works with the npm dev server, too, which is on |
|
My server is also on HTTPS ( |
|
If there are no OPTIONS requests then it means that the browser doesn't consider your localhost and the server as separate origins somehow. That sounds bizarre to me, to be honest. Can you try any other browser to confirm that it's also working? |
|
I set up the port forwarding again: Tileboard is served on On Firefox, that actually gives me the OPTIONS request. Still, history is working. On Chrome, it also works. On Edge, I have |
|
One more thing, can you show the response headers of the working OPTIONS request? Here is what I'm getting:
I wonder if the nginx addon that I'm using for HTTPS<->HTTP tunneling is what is causing the issue. |
|
Tried also connecting directly to the HA's python server (on local network) and that is also failing:
This is with HA cors configuration like: Tried both with localhost and actual IP of the host running TB. |
|
That's what Firefox logs for the OPTIONS request: Relevant Relevant HA |
|
I have no idea... The only difference that seems relevant to me is having HA running on HTTPS itself while I'm trying either on HTTP or HTTPS tunneled through nginx (so basically still HTTP on HA side). I don't really want to make the effort to use "native" HTTPS and try it out then... |
|
That's what I get when switching HA to http: So, I guess, that's not it... |
|
This issue seems to have fixed itself for me, my History graphs are now working again in Tileboard. I've not changed my tileboard config at all, but I have been keeping my HACore version up to date (Home Assistant 0.116.4) |
|
It still doesn't work for me. Can you specify the configuration you are using to make it clear what your case is (of course mask the domain with foo.com or something)?
|
|
For example, this is my configuration where it's failing the CORS check.
|
|
I'm afraid to say that today my history graphs have stopped working again, and the only config changes I have made to HomeAssistantCore is to add a few automation and remove a non working integration. I've left the I'm not entirely sure why it was working yesterday, I even checked the Tileboard with different browsers and devices, and the history graphs appeared both in Safari on a laptop, and in Chrome on 2 different android devices when it was working! I'll include the details of my setup in case it it helps debugging, but if it doesn't let me know and I'm happy to edit it out. I'm running Tileboard on a seperate machine on my LAN which is hosted using NGINX, internal IP is 192.168.1.111. I have 2 different duckdns domains, names have been changed. 'tileboard_machine' forwards to the machine running tileboard, 'homeassistant_machine' forwards to the machine running homeassistantcore.
homeassistant:
auth_providers:
- type: homeassistant
http:
use_x_forwarded_for: true
trusted_proxies:
- 127.0.0.1
- 192.168.1.111
- ::1
cors_allowed_origins:
- https://tileboard_machine.duckdns.org
Do you see an OPTIONS request being made in browser devtools? NO, it seems to be a 'GET' request that is failing. I'll have to try changing the 'trusted_networks' portion of the 'trusted_networks' section of the YAML, if this gets it working again I'll post a follow up. |
|
I have made a PR to HA with a fix: home-assistant/core#43679 Knowing how the code works now, I can actually see why would the behavior seem random. Depending on timing the CORS might nor might not get enabled for the history component. |
|
@rchl, I stumbled accross the new issue regarding the API failing and browsed through your PR. Since, unfortunately, they turned it down, I checked if I could find a way to fix the bug you found. Would you mind to have a look at my changes here: akloeckner/home-assistant#1? Since you already digged into the code somewhat deeper, you could give me a hint whether it should work. Maybe you can even test it then, because I don't know how to do that in my current setup... :-/ I will be happy to shove this into the (yes) lengthy review pipeline of the HA people as a follow-up to your PR. |
|
I've posted my comment in your PR. |
|
@rchl thanks for letting me know about this issue. I commented on the other thread. Rgds |
|
This appears to have been fixed in Home Assistant. It should now work as long as the origin that is making the request is whitelisted in HA |
I've just moved my tileboard to a different server and noticed that all API calls to history are failing.
@akloeckner did you expirience anything similar?
The text was updated successfully, but these errors were encountered: