Update attachments.md

[Malnes]

just, why?!

[TomBrien]

Can you please supply some context/background for this. The intended behaviour is that the app handles the authentication of the media folder as described here and here

If this is the case, a bug report should be raised, not a change to the docs.

Edit: I cannot reproduce the described situation.

[Malnes]

I don’t see anything in the documentation explaining why files stored in /media suddenly becomes publicly available, but after much testing, that is the case.

First, I created a snapshot:

service: camera.snapshot data: filename: /media/testImg.jpg target: entity_id: camera.cam3_sd_stream

At this stage, the following url Returns 401, which is good. https://.com/media/local/testImg.jpg Then i added the image to a Notification:

service: notify.mobile_app_malnes_mobil data: message: Test message title: Test message data: image: /media/local/testImg.jpg actions:

• action: URI title: Open uri: https://.com/media/local/testImg.jpghttps://%3cdomain%3e.com/media/local/testImg.jpg

After sending the Notification, the image is available for the world to see. Don’t know if it’s a bug or a feature, you tell me.

Also, the image is available even after deleting the image from /media folder (getting some Eufy vibes here). Tried deleting and disabling cache from cloudflare, but that did not help either. It’s my understanding that HA use google notification services (firebase?) to deliver notifications, and I assume this is just a limitiation with that service. OR this is just me doing something wrong…..

Sent from Mailhttps://go.microsoft.com/fwlink/?LinkId=550986 for Windows

From: Tom @.> Sent: søndag 12. mars 2023 13:26 To: @.> Cc: @.>; @.> Subject: Re: [home-assistant/companion.home-assistant] Update attachments.md (PR #926)

Can you please supply some context/background for this. The intended behaviour is that the app handles the authentication of the media folder as described herehttps://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.home-assistant.io%2Fintegrations%2Fmedia_source%2F&data=05%7C01%7C%7C363c321c76234c17199708db22f4efb8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638142207620796532%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=h0NX%2Bigm8hV8Y%2Ffg1s4hPIXQHEXVhtYAyOYWa6JcxRU%3D&reserved=0 and herehttps://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcompanion.home-assistant.io%2Fdocs%2Fnotifications%2Fnotification-attachments%23media_source-recommended&data=05%7C01%7C%7C363c321c76234c17199708db22f4efb8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638142207620796532%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=cz0C8iya3pbHeHri%2FkQNLoss90RiodBBD3WKpzN4cao%3D&reserved=0

If this is the case, a bug report should be raised, not a change to the docs.

— Reply to this email directly, view it on GitHubhttps://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fhome-assistant%2Fcompanion.home-assistant%2Fpull%2F926%23issuecomment-1465183021&data=05%7C01%7C%7C363c321c76234c17199708db22f4efb8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638142207620796532%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=LhkdvLA7jCr819Bs%2B4Pt2ZPbLFLMYifxwUvpFH7sVSg%3D&reserved=0, or unsubscribehttps://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FALNWISTITESG5MNEZXDEO6TW3W6FNANCNFSM6AAAAAAVYBRNHM&data=05%7C01%7C%7C363c321c76234c17199708db22f4efb8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638142207620796532%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Wy3iVj1S6qMs3IxiO8w%2BXy2vNpFkQaFJ4VyYM2zFhNk%3D&reserved=0. You are receiving this because you authored the thread.Message ID: @.***>

[zacwest]

Sounds like you have allowed Cloudflare to cache it somehow. I recommend looking there first; accessing HA directly will not allow access to the file without authentication. It makes sense that after validly pulling it your caching proxy could cache it.

[Malnes]

I have disabled and deleted cache in cloudflare. I don’t think that’s the issue, but I will investigate further.

Sent from Mailhttps://go.microsoft.com/fwlink/?LinkId=550986 for Windows

From: Zac @.> Sent: søndag 12. mars 2023 16:25 To: @.> Cc: @.>; @.> Subject: Re: [home-assistant/companion.home-assistant] Update attachments.md (PR #926)

Sounds like you have allowed Cloudflare to cache it somehow. I recommend looking there first; accessing HA directly will not allow access to the file without authentication. It makes sense that after validly pulling it your caching proxy could cache it.

— Reply to this email directly, view it on GitHubhttps://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fhome-assistant%2Fcompanion.home-assistant%2Fpull%2F926%23issuecomment-1465227362&data=05%7C01%7C%7Cb7e248ae3a604f397e2308db230e021f%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638142315300703743%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=N3nTWxkd%2B5Ge2OVJaQ5VzTCK35t0rxYcUP2vSWgeP8w%3D&reserved=0, or unsubscribehttps://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FALNWISRQLXJXDUCGAXY5FJDW3X2HPANCNFSM6AAAAAAVYBRNHM&data=05%7C01%7C%7Cb7e248ae3a604f397e2308db230e021f%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638142315300703743%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=wIN2QZeokK1%2BUej01SBmUXtxNjpgiyIuMnsLBSneAr8%3D&reserved=0. You are receiving this because you authored the thread.Message ID: @.***>