
✨ [Request] Tandoor recipes add ingress

Open iamkarlson opened this issue 2 years ago • 4 comments

Which addon?

  • Addon name : Tandoor recipes
  • Addon version: 1.3.0

Describe the bug

When you open the addon UI with the hassio proxy (*.ui.nabu.casa addresses), it redirects you to the proxy address + port. The hassio proxy doesn't support that, so the UI effectively doesn't work.

To Reproduce

  1. Go to "Home assistant cloud" in "Settings".
  2. Enable "Remote Control" (requires Home Assistant subscription)
  3. Open nabu.casa provided URL
  4. Navigate to Addons -> Tandoor recipes
  5. Click Open UI
  6. Redirect to *.ui.nabu.casa:9928 ends at ERR_CONNECTION_TIMED_OUT

This has the same cause as addon ingress not working in this issue: https://github.com/TandoorRecipes/recipes/issues/354

iamkarlson avatar Jul 09 '22 20:07 iamkarlson

Hi, I've removed ingress as currently it doesn't work. There are perhaps some remnants I need to clean. The key issue is that URLs are hard-coded in the JS files, which prevents the flexibility of accessing both through ingress and through the direct IP.

alexbelgium avatar Jul 10 '22 05:07 alexbelgium

Yeah, I think it would still be a blocked bug until it's solved in Tandoor itself.

iamkarlson avatar Jul 10 '22 11:07 iamkarlson

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Jul 15 '22 12:07 github-actions[bot]

not stale

iamkarlson avatar Jul 17 '22 18:07 iamkarlson

Hi, ingress is added, please let me know if everything works. Thanks!

alexbelgium avatar Aug 27 '22 17:08 alexbelgium

It works with a local IP but not a domain, despite setting the ALLOWED_HOSTS setting. Do you see where the issue is? Thanks!

alexbelgium avatar Aug 27 '22 18:08 alexbelgium

I've looked at your commit on Tandoor and added the env variable you created; it could work.

alexbelgium avatar Aug 27 '22 20:08 alexbelgium

Hi alexbelgium,

I get the following with ingress.

Verboden (403)
CSRF-verificatie mislukt. Aanvraag afgebroken.
Help
Reason given for failure:
    Origin checking failed - https://sub.domain.nl does not match any trusted origins.
    
In general, this can occur when there is a genuine Cross Site Request Forgery, or when [Django’s CSRF mechanism](https://docs.djangoproject.com/en/4.0/ref/csrf/) has not been used correctly. For POST forms, you need to ensure:
Your browser is accepting cookies.
The view function passes a request to the template’s [render](https://docs.djangoproject.com/en/dev/topics/templates/#django.template.backends.base.Template.render) method.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
The form has a valid CSRF token. After logging in in another browser tab or hitting the back button after a login, you may need to reload the page with the form, because the token is rotated after a login.
You’re seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.

deku-m avatar Aug 28 '22 18:08 deku-m

Hi,

Thanks for the report. Normally, I've solved this issue: you should add "sub.domain.nl" in the ALLOWED_HOSTS option of the addon and it will automatically be added to the trusted origins. I've pushed a new version, as perhaps you installed the v2 prior to me adding this code. Can you please confirm if you still have that on v3? Thanks

alexbelgium avatar Aug 28 '22 19:08 alexbelgium
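The "Origin checking failed" error above comes from Django's CSRF middleware comparing the request's `Origin` header (scheme, host and port) against `CSRF_TRUSTED_ORIGINS`, whose entries must include a scheme since Django 4.0. The sketch below is an added example, not the addon's or Tandoor's code: it shows one way to derive trusted origins from a comma-separated ALLOWED_HOSTS value, plus a simplified model of the match. The function names and sample hosts are hypothetical.

```python
from urllib.parse import urlsplit


def trusted_origins_from_hosts(allowed_hosts, schemes=("https",)):
    """Turn a comma-separated ALLOWED_HOSTS value into CSRF_TRUSTED_ORIGINS entries."""
    origins = []
    for host in (h.strip() for h in allowed_hosts.split(",")):
        if not host or host == "*":
            # "*" is accepted by ALLOWED_HOSTS, but trusting every origin
            # would disable the CSRF origin check, so it is never copied over.
            continue
        if host.startswith("."):
            # ALLOWED_HOSTS subdomain form ".example.com" -> "*.example.com"
            host = "*" + host
        origins.extend(f"{scheme}://{host}" for scheme in schemes)
    return origins


def origin_is_trusted(origin, trusted):
    """Simplified model of the Origin check (not Django's own implementation)."""
    o = urlsplit(origin)
    for entry in trusted:
        t = urlsplit(entry)
        if o.scheme != t.scheme:
            continue  # http vs https is a different origin
        if t.netloc.startswith("*."):
            # Wildcard entry: any subdomain, or the bare domain itself
            if o.netloc.endswith(t.netloc[1:]) or o.netloc == t.netloc[2:]:
                return True
        elif o.netloc == t.netloc:
            return True  # exact match, port included
    return False


# Constructed sample value, as it might be typed into the addon option
SAMPLE_ALLOWED_HOSTS = "192.168.1.10, sub.domain.nl, .example.com, *"
CSRF_TRUSTED_ORIGINS = trusted_origins_from_hosts(SAMPLE_ALLOWED_HOSTS)
```

A proxy that forwards the request as `http://` or on a non-default port produces an origin that fails this comparison even when the hostname is listed.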

I can confirm the new version is working for me now without the need to set allowed_host.

deku-m avatar Aug 28 '22 19:08 deku-m

Normally though, images won't work with an https domain, at least on what I tried.

I wonder if it is not a bit related to: https://github.com/firefly-iii/firefly-iii/issues/5229

alexbelgium avatar Aug 28 '22 19:08 alexbelgium

> Normally though images won't work with an https domain, at least on what I tried
>
> I wonder if it is not a bit related to : firefly-iii/firefly-iii#5229

I'm not sure if my setup uses underwater https, as I use proxymanager to use HTTPS, but the ingress is, I think, different. But I might be wrong.

deku-m avatar Aug 29 '22 08:08 deku-m

Not sure I understand, but currently my observation is:

  • connection to HA with ip:port: everything works
  • connection to HA with domain:port or domain only (with default port): everything works except for images, which do not load; they become mapped to domain:port/media instead of domain:port/api/hassio.../media

I can't really pinpoint a reason as to why the images don't load with domains.

alexbelgium avatar Aug 29 '22 14:08 alexbelgium

The error is that in the recipe, the BASE_PATH is modified: it loses the https scheme and the port. If I connect with https://mydomain:port/...

```html
<script type="application/javascript">
    localStorage.setItem('SCRIPT_NAME', "/api/hassio_ingress/LSMEzRIPgjKoBY18wcW2UF2ig7XEh4T6OgpHKO2kPPk")
    localStorage.setItem('BASE_PATH', "http://mydomain.net/api/hassio_ingress/LSMEzRIPgjKoBY18wcW2UF2ig7XEh4T6OgpHKO2kPPk")
```

alexbelgium avatar Aug 29 '22 15:08 alexbelgium

ALLOWED_HOSTS fixes a problem with CORS. However, this is a different problem from hosting it under the relative path. You can make some dirty hacks with nginx for passing through requests under the assets folder.

I was debugging it for a while but with no luck. I ended up hosting Tandoor on my own VPS with a separate 3rd-level domain. I think it would be best to push the Tandoor developers to fix the problem with relative paths rather than hack it from the addon side.

iamkarlson avatar Aug 29 '22 19:08 iamkarlson

Indeed... I'm using a mixture of sed and nginx to make it work up to this stage. The only thing is the /media folder, which has a mismatch as it is sent to http, for which I was trying to add a proxy_redirect directive to solve that... The main dev was open to help, so I'll probably contact him at this stage.

Thanks for the feedback

alexbelgium avatar Aug 29 '22 19:08 alexbelgium

Ingress should be fully working in the latest version pushed, please let me know if it works

alexbelgium avatar Aug 31 '22 20:08 alexbelgium

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Sep 06 '22 12:09 github-actions[bot]

Hi Alex,

I am facing issues after login now and can't get the ingress integration working. I have set the allowed host but it still gives an error, see below:

image

deku-m avatar Sep 15 '22 17:09 deku-m

Was it working before?

alexbelgium avatar Sep 15 '22 17:09 alexbelgium

> Was it working before?

Well yes, but then I didn't have to fill in the allowed host, but that might be 2 hotfix releases back.

Now I did add the allowed host but it looks like it is still preventing it. Might this be because of the proxymanager I use?

deku-m avatar Sep 16 '22 09:09 deku-m

It's working now. I pushed a new version and tested that it works with a nabucasa address. You just need to clear the browser cache.

Let me know if it doesn't and I'll reopen!

alexbelgium avatar Sep 16 '22 09:09 alexbelgium

Confirmed working thx

deku-m avatar Sep 16 '22 09:09 deku-m

Great! Thanks for the feedback

alexbelgium avatar Sep 16 '22 09:09 alexbelgium