Munin-for-Android
Chromecast compatibility with Apache Basic/Digest Auth
As you may know, Munin for Android is now compatible with the Google Chromecast.
How it works
Once connected to a Chromecast, the app sends signals to a receiver application displayed on it: an HTML/JS web page (see Munin for Android Chromecast Receiver App).
Several messages are sent from the app to the Chromecast:
- inflate_grid: sent once the connection is established, with the GridItems, grid name, and period
- preview
- cancel_preview
- refresh
- change_period
Issue
Everything works fine with standard servers, such as demo.munin-monitoring.org. But when the server is protected with Apache Basic/Digest auth, graph images can't be downloaded on the Chromecast (the server returns a "401 Authorization Required" error).
Here are some workarounds I found:
- Add the credentials in the URL
When trying to reach http(s)://foo/bar, you can add the credentials in the URL to reach the page: http(s)://user:pass@foo/bar. First, this only works with basic auth. Second, it is really not secure, since the credentials are sent as-is. Finally, Chrome (which the Chromecast is based on) blocks this for resource loading.
- Download graph images using Ajax
When downloading the graphs, we could get them one by one, setting the Authorization header on each request. Unfortunately, this does not work because of the cross-domain limitation (cross-domain requests aren't allowed unless the server explicitly allows them).
- Make the app send the graphs to the Chromecast
The last idea I had was to send the graphs from the app to the Chromecast. I tried to base64-encode and send those, but I had some problems receiving and displaying them. Also, we have to cut the messages since they should not exceed 64k.
If anyone has another solution, that would be great! For now, a Toast is displayed when the user uses the Chromecast feature with at least one GridItem relying on Apache Basic/Digest auth.
I stumbled across this issue again and found that one could allow an IP to bypass basic/digest auth. It is described in this StackOverflow answer:
```apache
Order deny,allow
Deny from all
AuthType Basic
AuthUserFile /www/.site_htpasswd
AuthName "Protected Area"
require valid-user
Allow from 1.2.3.4
Satisfy Any
```
The important part is `Allow from [IP]` and `Satisfy Any`. Depending on your configuration:
- The Chromecast is in the same LAN as your munin master, and the master is set in Munin for Android by its LAN address
Allow the Chromecast's LAN IP in the `Allow from` part. Assign a static lease to it so it doesn't change when restarted.
- The Chromecast is in a different LAN than your master, and the master is set in Munin for Android by its public IP address
Allow the public IP of the LAN your Chromecast is connected to in the master's server configuration.
This will allow the Chromecast to fetch graphs without supplying basic/digest auth credentials.
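
The snippet above uses the Apache 2.2 access directives (Order, Deny, Allow, Satisfy), which Apache 2.4 only accepts through mod_access_compat. The same rule in native Apache 2.4 syntax, as an added example that is not from the StackOverflow answer or from this project; the `/munin` path and the 192.0.2.10 address are placeholder assumptions:

```apache
# Added example (Apache 2.4, mod_authz_core). Not part of the original page.
# Assumptions: graphs are served under /munin, and 192.0.2.10 stands in for
# the Chromecast's fixed LAN address (or the public IP of its LAN).
<Location "/munin">
    AuthType Basic
    AuthName "Protected Area"
    AuthUserFile /www/.site_htpasswd

    # Access is granted when ANY enclosed Require matches.
    # This container replaces "Satisfy Any" from the 2.2 snippet.
    <RequireAny>
        # Requests from this address skip the password prompt.
        Require ip 192.0.2.10
        # Every other client must still authenticate.
        Require valid-user
    </RequireAny>
</Location>
```

Every client that reaches the server from the allowed address skips authentication, so in the public-IP case this covers all devices behind that LAN's address, not only the Chromecast. Scoping the block to the graph path keeps the bypass from applying to the rest of the site.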