search

cloudspout / cloudspout-button-panel

Grafana panel to integrate with any kind of HTTP/REST API
MIT License
50 stars 35 forks source link

isAuth seems to be true even if not set in the panel editor #81

Open chof747 opened 2 years ago

chof747 commented 2 years ago

When I try to execute a REST call to my home assistant server I get the following error from the preflight request:

Credentials flag is true, but Access-Control-Allow-Credentials is not "true".

I have configured my home assistant server with the correct cors_allowed_origins I am using the following headers:

Authorization: Bearer (my home assistant token)

Authentication switch is turned off and the request is a POST request with a valid json which works fine if I try it with another HTTP client.

maxdd commented 1 year ago

I'm also experiencing something strange

    Access to fetch at 'http://192.168.188.99/status' from origin 'http://192.168.1.52:8087' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
    ButtonPanel.tsx:147          GET http://192.168.188.99/status net::ERR_FAILED 200
    onClick @ ButtonPanel.tsx:147
    He @ react-dom.production.min.js:52
    Ke @ react-dom.production.min.js:52
    (anonymous) @ react-dom.production.min.js:53
    Er @ react-dom.production.min.js:100
    Sr @ react-dom.production.min.js:101
    (anonymous) @ react-dom.production.min.js:113
    Ie @ react-dom.production.min.js:292
    (anonymous) @ react-dom.production.min.js:50
    Rr @ react-dom.production.min.js:105
    Jt @ react-dom.production.min.js:75
    Xt @ react-dom.production.min.js:74
    t.unstable_runWithPriority @ scheduler.production.min.js:18
    Uo @ react-dom.production.min.js:122
    Ne @ react-dom.production.min.js:292
    $t @ react-dom.production.min.js:73
    ButtonPanel.tsx:171 Request error:  TypeError: Failed to fetch
        at onClick (ButtonPanel.tsx:147:7)
        at Object.He (react-dom.production.min.js:52:317)
        at Ke (react-dom.production.min.js:52:471)
        at react-dom.production.min.js:53:35
        at Er (react-dom.production.min.js:100:68)
        at Sr (react-dom.production.min.js:101:380)
        at react-dom.production.min.js:113:65
        at Ie (react-dom.production.min.js:292:189)
        at react-dom.production.min.js:50:57
        at Rr (react-dom.production.min.js:105:469)

i have currently set the authentication switch off but it seems like the panel is still enforcing proper cors rules. Can this be removed?

thegitarist commented 1 year ago

i had similar problems. seems that this was fixed, but not republished:

if (options.isAuth) {
      fetchOpts.credentials = 'include';
      requestHeaders.set('Authorization', 'Basic ' + btoa(options.username + ':' + options.password));
    }

LINK

Can someone just republish this?

thegitarist commented 1 year ago

this is implemented in v7.0.25 but the published version (grafana.com) is v7.0.23. So any automated (e.g. via docker) or manual (via UI) fetches v7.0.23 by default.

would be great, if someone can publish v7.0.25 @ grafana.com

byroncoetsee commented 1 year ago

@derjust any chance we can republish to Grafana? Or is there a way someone else can? Would be great to use this. Thanks