home-assistant / frontend

:lollipop: Frontend for Home Assistant
https://demo.home-assistant.io

src/common/auth/fetch_token.js will lose the cookie #1642

Closed yulongying closed 6 years ago

yulongying commented 6 years ago

Home Assistant release with the issue:

0.77.3

Browser and Operating System:

Chrome 66.0.3359.139, Windows 10

Description of problem:

src/common/auth/fetch_token.js uses the JavaScript fetch method to send requests to the HA web server, but without the credentials field it'll lose the cookie, which stores some session stuff. The same problem as in the PR https://github.com/home-assistant/home-assistant-polymer/pull/1530

awarecan commented 6 years ago

Please fill in the issue template.

Which version are you using? The file you mentioned has already been gone since 0.77 beta.

yulongying commented 6 years ago

Got it, great job! Can't wait for the next version.

awarecan commented 6 years ago

Are you sure you located the right file? src/common/auth/fetch_token.js is not included in the 0.77 release. Especially after 0.77.2, all token fetching moved to HAWS.

Furthermore, src/common/auth/fetch_token.js has been patched in #1530 as well.

Lastly, your Chrome is outdated; Chrome 68 and above should not need to set 'same-origin' since it is the default option.

balloob commented 6 years ago

Well, same origin is not part of HAWS fetch token.

yulongying commented 6 years ago

https://pypi.org/project/home-assistant-frontend/#files The JS file app-1fe7ad4f.js on PyPI still has the wrong usage of the fetch method: 'fetch(e+"/auth/token",{method:"POST",body:i})]'

yulongying commented 6 years ago

I don't care much about Chrome on my Win10, but this problem exists on my Android WebView.

awarecan commented 6 years ago

As @balloob and I stated in previous comments, the code you referenced is not from where you think it may be. It is from the HAWS lib, https://github.com/home-assistant/home-assistant-js-websocket/blob/adfb5afc1b4ee67520ae18b0abc2cac200463cd8/lib/auth.ts#L91-L94

Home Assistant is not using cookies; I don't know whether we need to "fix" it anyway.

yulongying commented 6 years ago

const resp = await fetch(`${hassUrl}/auth/token`, { method: "POST", body: formData }); commit at https://github.com/home-assistant/home-assistant-js-websocket/blob/adfb5afc1b4ee67520ae18b0abc2cac200463cd8/lib/auth.ts#L91-L94

still wrong usage.

yulongying commented 6 years ago

https://github.com/home-assistant/home-assistant-polymer/pull/1530 https://community.home-assistant.io/t/nginx-oauth2-proxy-and-home-assistant-user-authentication/61651/4

The same PR was merged.

balloob commented 6 years ago

Closing this issue as this repo does not implement a fetch token. It's https://github.com/home-assistant/home-assistant-js-websocket . A pull request with a fix is welcome.
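
Added example, not code from this thread or from Home Assistant: a small model of the Fetch credentials modes ("omit", "same-origin", "include") showing why the quoted `/auth/token` call behaves differently depending on the browser's default, and why pinning `credentials: "same-origin"` removes that dependency. The cookie-gated proxy, the origins and all function names are constructed assumptions.

```javascript
// Constructed model of how the Fetch credentials mode decides whether cookies
// accompany a request. All names here are illustrative, not Home Assistant code.

// Credentials mode actually used: an explicit init value wins, else the browser default.
function effectiveCredentials(init, browserDefault) {
  return (init && init.credentials) || browserDefault;
}

// Whether cookies are attached for a given mode and request target.
function cookiesSent(pageOrigin, requestUrl, mode) {
  if (mode === "include") return true;
  if (mode === "omit") return false;
  if (mode === "same-origin") {
    return new URL(requestUrl, pageOrigin).origin === pageOrigin;
  }
  throw new TypeError(`unknown credentials mode: ${mode}`);
}

// Constructed stand-in for a reverse proxy that gates requests on a session cookie.
function proxyStatus(hasSessionCookie) {
  return hasSessionCookie ? 200 : 401;
}

// Token request options as quoted in the thread: no credentials field.
function tokenInitFromThread(formData) {
  return { method: "POST", body: formData };
}

// Same request with the mode pinned, independent of the browser default.
function tokenInitExplicit(formData) {
  return { method: "POST", body: formData, credentials: "same-origin" };
}

// HTTP status the modelled proxy returns for the token request.
function simulate(init, browserDefault, pageOrigin, hassUrl) {
  const mode = effectiveCredentials(init, browserDefault);
  return proxyStatus(cookiesSent(pageOrigin, `${hassUrl}/auth/token`, mode));
}

const origin = "https://hass.example.test"; // constructed origin
for (const browserDefault of ["omit", "same-origin"]) {
  console.log(browserDefault,
    simulate(tokenInitFromThread("code=x"), browserDefault, origin, origin),
    simulate(tokenInitExplicit("code=x"), browserDefault, origin, origin));
}
```

In the model, "same-origin" still withholds cookies from a cross-origin `hassUrl`; only "include" would send them there.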