-
Notifications
You must be signed in to change notification settings - Fork 315
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't connect via internal url in newest version #3259
Comments
Thats correct, starting on 2024.12 the App will only use the internal URL when an SSID (or hardware address in case of macOS) is defined and location permission is granted, the App will not fallback to the internal URL in case the external URL is not available unless those options are defined. Background: This is to protect most users which have internal URL configured with an unsecure connection (http) to expose their tokens in public networks. Options:
|
I don't understand why it was so important to break half the people's setup, seemingly without any notice. There was no notice about the breaking change at the top of the iOS release notes, there was no alert in HA that my current setup will stop working at a specified date/version. If people can't connect to my internal network then they can't do anything with the token.
The external URL wasn't even set, my setup is only accessible internally. Why not just create an SSL cert on the server (and automatically create and distribute new ones overlapping with the current cert's validity) and use that to connect via https when the user adds HA with an http address? And if the device doesn't have the most up to date SSL cert that the server uses, then ask for user confirmation that we are on the home network. Could also use the Local Push connectivity managed by iOS to detect which server we are connected to via an internal address (being able to set up the SSID on the server would also be nice instead of having to add it to every device manually) |
Hello, This choice, and more specifically its implementation, is causing me some issues. No warningThis update was pushed with a breaking change without any warning, neither in the app nor in the patch notes.
Enabling precise locationI understand that this request for full location access just to see the Wi-Fi name is an implementation constraint imposed by Apple, but :
SecurityMaybe I am being too skeptical about this, but if I don't expose my Home Assistant, someone intercepting my token on another network would probably not do anything with it. The fact that this update was delivered with a breaking change without any warning is really problematic in my opinion. |
@Cyberbeni When the app doesn't find a URL it can use, a message is displayed with instructions, was it not shown for you? |
@Lancelot-Enguerrand thanks for the feedback, I agree the communication could be better and I'll take that into consideration in a patch release. About security, even though your server is not exposed to the internet, the token is a private sensitive information, imagine that today you device to expose your instance to the web? Someone could already have intercepted your token, that's just one scenario. |
@Cyberbeni About the SSL certificate, this is a solution also in consideration but it will require a way bigger cross platform implementation, don't expect it soon, but it's in our radar. |
I just paused the 7-day phased release to improve the communication |
To be honest, I read the error title and looked at the action offered (open settings), but I don't think I know many people who would do more than that when something that is supposed to be a one time setup breaks, especially if someone else helped them set it up. |
@Cyberbeni fair enough, tomorrow I'll have more information to share regarding this. Meanwhile would be very nice to have you in our beta loops, so we can get feedback in advance of releases, is this something you want? https://testflight.apple.com/join/1AlPbnLZ Also an invite for you @Lancelot-Enguerrand |
Sure, I joined the beta. |
While a better migration/communication is being developed, I will revert to always fallback to internal URL and release it as 2024.12.1 |
@Cyberbeni can you help me check build 2024.1041? |
2024.1041 works fine when only the internal url is set. |
2024.12.1 released in App Store. Soon in TestFlight there will be a new screen communication the change and offering options to the user, keep an eye on it and feel free to tag me. |
@tache whats exactly your doubt? The App can only determine if you can access your local URL (internal URL) if the app knows your are in your local network, for that we need to check your SSID configured and ti have access to that we need the permission explained in your screenshot. The app CURRENTLY fallbacks to internal URL when no external URL is available, but this should change soon, we are not working on the proper communication + migration screen, we will also include an option to "ignore everything and always fallback to internal URL" |
Thanks for the reply. So this would be the first app that I have ever seen that would require that you specifiy a local wifi SSID to connect locally, that would then require you to provide IOS permission to allow always-on and precise location. The app should only rely on trying to access the local URL via DNS name reolution. If it does not resolve then it should fail to connect. If it fails to resolve the internal URL, it should fall back to external URL attempt |
I guess I should had posted this under #3255 |
I saw your other reply first, so I replied on that thread, linking it here #3255 (comment) And let's keep the conversation here |
Reposting here to be easier to continue reading: @tache what if you are on a public network and someone hosted a fake home assistant to hijack your token? You can imagine that people usually have internal URL such as: So my example above could easily happen. Resolution would succeed. But it is not your HA server. SSID is not perfect but it is the solution in place app-wide right now, and again, we will provide an option to ignore that and just fallback to internal URL if you need/want. |
After the newest update, my iPad decided to not connect to HA. I only had internal url setup, after copy pasting the url to external url, it successfully connects.
All permissions besides Local Network, Push and Background App Refresh are off.
iOS device model, version and app version
Model Name:
Software Version:
App version:
Home Assistant Core Version
Describe the bug
To Reproduce
Expected behavior
Screenshots
Additional context
The text was updated successfully, but these errors were encountered: