API call (partially) unauthorized

[yolani]

Hi there,

not sure if this is the right place to post my question, but here it goes anyway.

I noticed that the History-Tile is not working in TIleboard for me, it doesn't show a graph and I get an error popup, saying the api call return with code -1.

So I extracted the call from the debug terminal, and it looks something like this:

curl -X GET \
  https://homeassistant.<MYDOMAIN>/api/history/period/2021-07-08T07:49:34.386Z?end_time=2021-07-08T07:50:04.386Z&filter_entity_id=<SENSOR> \
  -H 'Authorization: Bearer <MYTOKEN>‘

It fails with 401 unauthorized.

The weird thing is, if I remove the last variable (filter) it works:

curl -X GET \
  https://homeassistant.<MYDOMAIN>/api/history/period/2021-07-08T07:49:34.386Z?end_time=2021-07-08T07:50:04.386Z \
  -H 'Authorization: Bearer <MYTOKEN>‘

This works perfectly fine, my HASS instance is hosted as a subdomain behind an Nginx reverse proxy.

Any idea what the root cause of this is?

[alphasixtyfive]

It is probably related to #386

[rchl]

I can't confirm that removing the filter makes it work. Fails the same way for me. I think it's just #386.

[rchl]

The curl might be failing the request because the URL is unquoted. Maybe try something like:

curl -X GET \
  'https://homeassistant.<MYDOMAIN>/api/history/period/2021-07-08T07:49:34.386Z?end_time=2021-07-08T07:50:04.386Z&filter_entity_id=<SENSOR>' \
  -H 'Authorization: Bearer <MYTOKEN>'

In any case, the issue that makes it fail in the browser is related to CORS and CORS doesn't apply when using curl so it's not really relevant to test with curl.

[rchl]

Duplicate of #386