quentin-st / Munin-for-Android

Watch your munin-monitored servers on your Android devices
https://www.munin-for-android.com/
GNU General Public License v2.0

Chromecast compatibility with Apache Basic/Digest Auth #7

Open quentin-st opened 9 years ago

quentin-st commented 9 years ago

As you may know, Munin for Android is now compatible with the Google Chromecast.

How it works

Once connected to a Chromecast, the app sends signals to a receiver application displayed on it (see Munin for Android Chromecast Receiver App), an HTML-JS web page.

Several messages are sent from the app to the Chromecast:

Everything works fine with standard servers, such as [demo.munin-monitoring.org]. But when the server is protected with Apache Basic/Digest auth, graph images can't be downloaded on the Chromecast ("401 Authorization Required" error is returned from the server).

Here are some workarounds I found:

When trying to reach http(s)://foo/bar, you can add the credentials in the URL to reach the page: http(s)://user:pass@foo/bar. First, it only works with basic auth. Then, this is really not secure since the credentials are sent as-is. Finally, Chrome (the Chromecast is based on Chrome) blocks this for resource loading.

When downloading the graphs, we could get them one-by-one by setting the request Authorization header. Unfortunately, this does not work because of the cross-domain limitation (cross-domain requests aren't allowed unless the server explicitly allows them).

The last idea I had was to send the graphs from the app to the Chromecast. I tried to base64-encode and send those, but I had some problems receiving and displaying them. Also, we have to cut the messages since they should not exceed 64k.

If anyone has another solution, that would be great! For now, a Toast is displayed when the user uses the Chromecast feature with at least one GridItem relying on Apache Basic/Digest auth.

quentin-st commented 8 years ago

I stumbled across this issue again and found that one could allow an IP to bypass basic/digest auth. It is described on this StackOverflow answer:

# Apache 2.2 syntax (mod_authz_host); on Apache 2.4 these directives need mod_access_compat
Order deny,allow
Deny from all
AuthType Basic
AuthUserFile /www/.site_htpasswd
AuthName "Protected Area"
require valid-user
# A request coming from this address is accepted without credentials...
Allow from 1.2.3.4
# ...because "Satisfy Any" accepts either the IP rule or a valid user
Satisfy Any

The important part is Allow from [IP] and Satisfy Any. Depending on your configuration:

The Chromecast is in the same LAN as your munin master, and it is set in Munin for Android from its LAN address

Allow the Chromecast's LAN IP in the Allow from part. Assign a static lease to it so it doesn't change when restarted.

The Chromecast is in a different LAN than your master, and the master is set in Munin for Android by its public IP address

Allow the public IP of the LAN your Chromecast is connected to on the master's server configuration.

This will allow the Chromecast to fetch graphs without specifying basic/digest auth credentials.
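For Apache 2.4, where Order/Allow/Satisfy are only honoured when mod_access_compat is loaded, the same workaround is written with Require directives in a RequireAny group. This is an added example, not code from the issue or the project; the Munin html directory, the htpasswd path and the 192.168.1.50 address are assumptions, and the IP bypass is scoped to the graph PNGs instead of the whole Munin tree.

```apache
# Added example, Apache 2.4 syntax. The directory, htpasswd path and the
# 192.168.1.50 address are placeholders: use your Munin html directory and
# the Chromecast's static lease.
<Directory "/var/cache/munin/www">
    AuthType Basic
    AuthName "Munin"
    AuthUserFile /etc/apache2/.munin_htpasswd
    # The HTML pages and everything else still need a valid user.
    Require valid-user

    # Only the graph images may be fetched without credentials, and only from
    # the Chromecast's address. RequireAny is the 2.4 equivalent of "Satisfy Any";
    # with the default AuthMerging Off, this block replaces the parent's Require.
    <FilesMatch "\.png$">
        <RequireAny>
            Require valid-user
            Require ip 192.168.1.50
        </RequireAny>
    </FilesMatch>
</Directory>
```

If the Chromecast reaches the master through its public IP, "Require ip" with that address admits every device behind the same NAT, not just the Chromecast, so keep the match as narrow as possible.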