search

gradio-app / gradio

Build and share delightful machine learning apps, all in Python. 🌟 Star to support our work!
http://www.gradio.app
Apache License 2.0
33.5k stars 2.54k forks source link

Auth is broken on Spaces #1259

Closed abidlabs closed 1 year ago

abidlabs commented 2 years ago

Is there an existing issue for this?

Describe the bug

auth doesn't seem to be working in 3.0

Reproduction

Check demo\hello_login

Screenshot

No response

Logs

No response

System Info

3.0b5

Severity

blocker

abidlabs commented 2 years ago

Auth is now working on Gradio 3.0 (thanks @pngwn!).

However, it does not work with Spaces -- so leaving this issue open (albeit renamed).

abidlabs commented 2 years ago

Still an issue, see: https://huggingface.co/spaces/abidlabs/hello-login

YuliangXiu commented 2 years ago

@abidlabs so this auth issue will be fixed in 3.2, right?

abidlabs commented 2 years ago

We are looking into it! cc @aliabid94

@YuliangXiu, to confirm, you are looking to add a username/password login to a Gradio demo you are hosting on Hugging Spaces? Can you simply make the Space private?

YuliangXiu commented 2 years ago

We are looking into it! cc @aliabid94

@YuliangXiu, to confirm, you are looking to add a username/password login to a Gradio demo you are hosting on Hugging Spaces? Can you simply make the Space private?

Once the auth works, just let me know. Then I will uncomment these codes. This is to make sure all the ICON users could approve the required MPI agreements before inference.

abidlabs commented 1 year ago

Closing thanks to #3049 by @freddyaboulton!

AlanMars commented 1 year ago

Closing thanks to #3049 by @freddyaboulton!

Hi Abidlabs,

CC: @abidlabs @aliabid94 @YuliangXiu @pngwn @freddyaboulton

Thanks for your fixing. It seems that this issue has been resolved. It can work well in Google Chrome Version 113.0.5672.92 (Official Build) (arm64) on "PC". (Gradio 3.29.0 + Python 3.8.9 + Huggingface Space).

But we have the same failed auth issue on the Mobile Chrome Web browser (Chrome, Safari). Do you have this issue on your Phone Browser?

efbsecond commented 9 months ago

Hi all - I am still having an auth issue with Gradio hosted on HF Spaces. The login works as expected on Firefox and Chrome on MacOS but fails on MacOS Safari and iOS Safari. The failure results in an empty login box refreshing after each correct login attempt - rendering the space unusable. Happy to provide further documentation or create a demo repo.

ARusterholz-edu commented 6 months ago

Hi all - I am still having an auth issue with Gradio hosted on HF Spaces. The login works as expected on Firefox and Chrome on MacOS but fails on MacOS Safari and iOS Safari. The failure results in an empty login box refreshing after each correct login attempt - rendering the space unusable. Happy to provide further documentation or create a demo repo.

I am also receiving this issue in Chrome and Safari as of April 2024. It happens regularly in Chrome Private Tabs or in Safari.

The space is currently only consistently useable in Firefox, but I can usually use it in chrome browser while logged in and not in private tab.

chigkim commented 4 months ago

I can use the auth feature on MacOS Safari, but not on Ios Safari. It just redirects to login page. I'm not using private browsing mode.

freddyaboulton commented 4 months ago

Make sure your ios browser allows third party cookies @chigkim

chigkim commented 4 months ago

Make sure your ios browser allows third party cookies @chigkim

Oh wow, that's a bad news! :( Doesn't iOS Safari have Prevent Cross-Site Tracking enabled as default? Everyone (99.99% over 9K people) at my work uses Apple device. I have to tell everyone to turn off Prevent Cross-Site Tracking? lol

freddyaboulton commented 4 months ago

The issue is specifically for spaces (or any website that embeds a gradio demo hosted on another site).

On Spaces, the actual server is hosted on a different domain and then served over an iframe on the space page. So that's why the authentication cookie counts as "third party". It's technically coming from a different site.

You can access the domain your space is hosted on directly and the issue shouldn't happen. You can get the domain your space is hosted on by clicking the Embed this Space button in the options:

get_subdomain_of_space

chigkim commented 4 months ago

You can access the domain your space is hosted on directly and the issue shouldn't happen. You can get the domain your space is hosted on by clicking the Embed this Space button in the options:

Awesome, that worked! Then basically, if you 1) host your code on HF, 2) utilize auth feature, and 3) and don't want to tell people to turn of Prevent Cross-Site Tracking, instead of embedding on a website, you should really link the domain (hf.space) where your space is hosted on, and point users to the webpage directly. No other option than hosting on your own domain. Am I understanding it correctly? Thanks!