Chromecast compatibility with Apache Basic/Digest Auth #7

Open
quentin-st opened this issue Mar 7, 2015 · 1 comment

@quentin-st

As you may know, Munin for Android is now compatible with the Google Chromecast.

How it works

Once connected to a Chromecast, the app sends signals to a receiver application displayed on it (see Munin for Android Chromecast Receiver App), an HTML-JS web page.

Several messages are sent from the app to the Chromecast:

  • inflate_grid: sent once the connection is established, with the GridItems, grid name, and period
  • preview
  • cancel_preview
  • refresh
  • change_period

Issue

Everything works fine with standard servers, such as demo.munin-monitoring.org. But when the server is protected with Apache Basic/Digest auth, graph images can't be downloaded on the Chromecast (a "401 Authorization Required" error is returned from the server).

Here are some workarounds I found:

  • Add the credentials in the URL

When trying to reach http(s)://foo/bar, you can add the credentials in the URL to reach the page: http(s)://user:pass@foo/bar.
First, it only works with basic auth. Second, this is really not secure since the credentials are sent as-is. Finally, Chrome (the Chromecast is based on Chrome) blocks this when loading resources.

  • Download graph images using Ajax

When downloading the graphs, we could get them one by one by setting the request Authorization header. Unfortunately, this does not work because of the cross-domain limitation (cross-domain requests aren't allowed unless the server explicitly allows them).

  • Make the app send the graphs to the Chromecast

The last idea I had was to send the graphs from the app to the Chromecast. I tried to base64-encode and send those, but I had some problems receiving and displaying them. Also, we have to cut the messages since they should not exceed 64k.

If anyone has another solution, that would be great! For now, a Toast is displayed when the user uses the Chromecast feature with at least one GridItem relying on Apache Basic/Digest auth.

@quentin-st

I stumbled across this issue again and found that one could allow an IP to bypass basic/digest auth. It is described in this StackOverflow answer:

Order deny,allow
Deny from all
AuthType Basic
AuthUserFile /www/.site_htpasswd
AuthName "Protected Area"
require valid-user
Allow from 1.2.3.4
Satisfy Any

The important part is Allow from [IP] and Satisfy Any. Depending on your configuration:

  • The Chromecast is in the same LAN as your munin master, and it is set in Munin for Android by its LAN address

Allow the Chromecast's LAN IP in the Allow from part. Assign a static lease to it so it doesn't change when restarted.

  • The Chromecast is in a different LAN than your master, and the master is set in Munin for Android by its public IP address

Allow the public IP of the LAN your Chromecast is connected to on the master's server configuration.

This will allow the Chromecast to fetch graphs without specifying basic/digest auth ids.
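
On Apache 2.4, where Order, Allow, Deny and Satisfy are only available through mod_access_compat, the same bypass can be written with Require directives. This is an added example, not part of the original comment or the project's code; the /munin path is an assumption, and 1.2.3.4 is the placeholder address from the snippet above.

```apache
# Added example: Apache 2.4 form of the "Allow from [IP]" + "Satisfy Any"
# snippet quoted in the comment above.
# Assumption: the munin graphs are served under /munin (hypothetical path).
# 1.2.3.4 is the thread's placeholder for the Chromecast's reserved LAN
# address, or for the public address of the LAN it sits in.
<Location "/munin">
    AuthType Basic
    AuthName "Protected Area"
    AuthUserFile /www/.site_htpasswd

    # RequireAny grants access when at least one child directive matches,
    # which is the behaviour "Satisfy Any" gave in the 2.2 syntax.
    <RequireAny>
        # Requests from the listed address are served without credentials.
        Require ip 1.2.3.4
        # Every other client still has to authenticate.
        Require valid-user
    </RequireAny>
</Location>
```

When the allowed address is the public IP of a LAN, every host behind that address reaches the graphs without credentials, so keep the Location as narrow as the graph paths allow.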
