OttPeterR / addon-babybuddy

BabyBuddy, wrapped into a Home Assistant addon
36 stars 13 forks source link

Nabu Casa cloud #49

Closed weaseel closed 7 months ago

weaseel commented 1 year ago

I just started using nabu Casa cloud. Therefore I added the url to CSRF_TRUSTED_ORIGINS, so it looks like this: CSRF_TRUSTED_ORIGINS: >- http://homeassistant:8123, https://xxxxxxxxxxx.ui.nabu.casa/

Now when I want to start a timer, it still says I have to add the url named above to the trusted origins. I saved the config and also restarted. Read access works. But write access doesn’t. Do I have to do anything else? When using vpn it still works. But not when using nabu Casa cloud.

OttPeterR commented 1 year ago

I'm not a nabu casa user so I've never seen it, so far it seems like you're the first person to report this issue. Could you try a few variants of that url to see if it helps? Such as ui.nabu.casa or just nabu.casa?

@cdubz would you have any ideas what might break that CSRF parameter? There some info on how the Nabu Casa service works with HA here but the gist is "Our UI proxy servers operate at the TCP level and will forward all encrypted data to the local instance."

weaseel commented 1 year ago

Tried everything. With http and https and without. i even removed the other url and entered only the one from Nabu Casa. Is there a possibility for a wildcard?

to be honest: i only need it from time to time. I have a vpn to my home network so it’s no big deal for me. But for others it might be.

cdubz commented 1 year ago

@weaseel how exactly are you setting CSRF_TRUSTED_ORIGINS?

I just started using nabu Casa cloud. Therefore I added the url to CSRF_TRUSTED_ORIGINS, so it looks like this: CSRF_TRUSTED_ORIGINS: >- http://homeassistant:8123/, https://xxxxxxxxxxx.ui.nabu.casa/

Now when I want to start a timer, it still says I have to add the url named above to the trusted origins.

And to be clear, which URL is it saying needs to be added? The https://xxxxxxxxxxx.ui.nabu.casa/ one? Are you sure it's exactly the same URL set in CSRF_TRUSTED_ORIGINS?

OttPeterR commented 1 year ago

The add-on has a ui config text field that passes its value into BB's container env like this using just a simple export command. I'm getting the feeling that since it works normally and only half-works with the Nabu service that it's something with Nabu that's causing the issue... That part about it allowing read access but showing the error on write might be some issue with how the session is being passed around, but I'm quite unfamiliar with how all that works (for BB and in general)

weaseel commented 1 year ago

Sorry for replying so late. Yes I’m sure it is the correct URL since I copied it from the error message. @OttPeterR I think the same since read access works. There seems to be something special with Nabu Casa cloud.

cdubz commented 1 year ago

@weaseel one potential issue could be that the CSRF_TRUSTED_ORIGINS values should not have trailing slashes. I'm not sure off hand if this would cause a problem but try setting that value to http://homeassistant:8123,https://xxxxxxxxxxx.ui.nabu.casa instead.

tango2590 commented 1 year ago

I've been using the BB add-on for 6 months and haven't had an issue using it through NabuCasa. My trusted URL doesn't include the last slash so I'd recommend removing it.

trey072 commented 11 months ago

I can confirm that the suggestion by @tango2590 to remove the last slash has resolved the issue for me.

Issue started once using Nabu Casa. Thanks for resolving @tango2590

s00500 commented 4 days ago

Hm... I still run into this issue... failing on the add child step... the csrfmiddlewaretoken is clearly sent in the headers though... tried with and without slash...

Locally I use the nginx addon...