2- Accessing the site's files using https://myuser:mypassword@mysite:portnumber/path/to/file.png from a private/incognito window works using tested mainstream browsers
3- But the same URL doesn't work when entered in the Image URL field of an Image template in a HE dashboard: displays the broken image icon in the rendered dashboard.
4- Interestingly enough, when right-clicking on the broken-pic icon and selecting "Open Image in new tab", the image displays fine in the new tab.
Is there a trick to be able to load auth-protected pictures in the dashboard? Using other authentication schemes is fine in case that helps. Can't have the web site open to public since these auto-generated pictures concern my property.
This a local webserver or internet hosted? The image tile doesn't play nice with encapsulation or authentication. It also has problems with some codecs. There are ways around it but it depends on your use cases.
local server accessible from Internet. I'm entering the external address (full domain name) in the URL field because I have not yet figured out how to differentiate URLs for local and cloud dashboards (filed a separate post for that)
For the images you'll have to keep it set as the domain url to access remotely, but I think that the authentication is going to give you a lot of issues. You could leave it local and then use a vpn so you could use an unauthenticated link.
I think he wants to pull images from local/public resources, depending on if he is using a cloud or a local dashboard. If that is correct it would take some doing (programming wise) and is not a built-in ability.
Hosting images for access via web browser and hosting images for access via an 'app' are different in how the information is requested by the app from the server. I know from my work with smartly icon/font hosting that you need at add additional lines to the .htaccess file or something to allow it, but I do not recall it exactly (I'm not a web dev). I know if access my dashes using chrome (incognito) I can see more images than I can using the HE app, normal chrome, and via cloud none of my images load.
If you control the server one trick I’ve used is creating a token that can be passed as token= and if that’s not present sending a 403 forbidden. Other solution is to use an ip whitelist and put your house up, either way you use a traditional url and not the ones the tile has issues with.
Been thinking about this for a while now and the iRobot integration displays an image of the robosucker depending on it's state... I wonder if there's something to dig out of that code. Nm, it's https but not authenticated.
Thanks for the suggestion. Went with the token based approach. Below the revised apache conf in case that helps someone with a similar issue. It allows regular users to use basic auth (good for when using a browser on a web page loading many assets on the site) and query-parameter based tokens (good for HE dashboard referencing individual assets directly).
<Directory "/var/www/html/mysite">
AuthType Basic
AuthName "My Site"
AuthUserFile /etc/apache2/.htpasswd
# only require auth if coming from the router, i.e. external access
<If "-R '192.168.1.1'">
<RequireAny>
# either basic auth
Require valid-user
# or our secret token on the query string
Require expr "(%{QUERY_STRING} =~ /token=secret/)"
</RequireAny>
</If>
</Directory>
Would be nice if the dashboards supported supported automatically injecting http headers or query parameters for regex matches on URL resources. That would allow among other things for centralized credentials management, and http headers are less problematic than query parameters for some scenarios.
