Open PhantomArt opened 5 months ago
While easy to implement, we need to decide where this information would be persisted, if at all. If not persisted, authentication would have to be required on every refresh. If persisted, we could store the credentials in localStorage. Although that is a bit insecure, I don't think there are much better alternatives...
We can add a "remember me" on the login prompt so the user can choose whether to store the plaintext credentials or not (maybe with a warning).
What do you think, @zero01101?
@PhantomArt apologies for missing this for so long, i'm bad at this
@seijihariki O_O hey man! holy cow, how've you been? to be perfectly honest, i've done so very little with this other than keeping controlnet actually working and the soft inpainting - effectively, i'm down for whatever as long as it doesn't impede non-credentialed use lol :D no argument about plaintext maybe shouldn't live in localstorage on a basic security standpoint but we're not exactly doing banking here so it's probably pretty ok as long as folks stick to good password hygiene ;)
Is your feature request related to a problem? Please describe.
My AUTOMATIC1111 panel is open to the Internet via https and closed by authorization. I want to be able to connect to it from openOutpaint.
Describe the solution you'd like
I've written the details below.
Proposed workflow
The solution is to add an Authorization header to all HTTP requests, something like this:
headers["Authorization"] = "Basic " + btoa(username + ":" + password);
After this, the headers need to be passed to
fetch
.I suggest adding optional
username
andpassword
parameters and placing them in the interface as fields next to the host field.Describe alternatives you've considered
About a year ago I found all the
fetch
calls in the code and hardcoded this header there in a hurry, and it worked. I don't remember if I had to change anything else in the code, but I remember that it didn't take long.Additional context
No response