"401: Unauthorized" iframe CARD of Grafana not working

sparkuss · January 19, 2021, 11:04am

Try to add additional parameters here, near of "GF_AUTH_ANONYMOUS_ENABLED" in Grafana configuration:

  - name: GF_AUTH_ANONYMOUS_ENABLED
    value: 'true'
  - name: GF_AUTH_ANONYMOUS_ORG_NAME
    value: canBeAnyNameHere

Now it’s working better in my Hassio, but only if connecting to it from same host

kszaboa · January 26, 2021, 2:48pm

I had the same Issue (401 unauthorized) in the iFrame in a dashboard. Activating Grafana from the toolbar on the left and switching back to the dashboard helps for the second. On a mobile device on same network I always got 401 error.

The solution was to change the port in the embed addresse from default 8123 to the one you define in Grafanas settings (3000 on my setup). Credits to @joaofl

Makis · February 3, 2021, 5:45pm

please can you post a screenshot where I can find in my setup yours 3000 address?

kszaboa · February 3, 2021, 6:01pm

Supervisor -> Grafana -> Configuration -> Network

Makis · February 3, 2021, 6:33pm

Thanks
mine is like this… I don’t know why… grafana is working… is there a way to fix this?

kszaboa · February 3, 2021, 8:23pm

I guess there is a way simply type “3000” (or whaterever 4digit number you like) instead “disabled” like I did

Makis · February 4, 2021, 7:52am

this will probably work. Now I suppose to add my credentials (username + password) and I don’t remember them

Aaron_P · February 8, 2021, 9:41pm

Cheers. Do you embed internal address or external one with https?

pancodia · March 7, 2021, 7:49pm

I can confirm that after I changed the port to 3000, the iframe panel showed up on may app.

maxifly · March 9, 2021, 4:34pm

When I connected to HA using same IP equals IP in URL in iframe, frame work properly/
But when I connected using duckdns.org host or using host from my hosts file, frame show error 401.
None of the above recipes helped.

taoyx_2002 · March 16, 2021, 4:37pm

Unfortunately, this problems still happens on my android mobile phone even change that port to 3000.

But on PC/Browser, it works always fine. Very strange.

naibaf · July 1, 2021, 6:58am

Same here. Android App with Tablet user isn’t working. Android App with my personal User on Smartphone works perfectly fine, also with my personal User on the PC browser.

Would be interesting to get this resolved for all devices.

kojirof · September 9, 2021, 4:26am

Hi, I have posted alternative solution for iframe with Grafana.
If you are running Home Assistant and Grafana on a reverse proxy and SSL enveronment, this might be useful.

laxarus · October 16, 2021, 7:48pm

Enabling anonymous login fixes this issue with setup like below but creates security problems. One way to fix that from HA side is to introduce sending additional headers for lovelace iframe card.
Grafana api keys can be used like this:

curl -H “Authorization: Bearer eyJrIjoiUnhKa2swM2FrR0k4eUhyUHQ5dDVoVzN3U2cwVdfgfdrjht554iaWQiOjF9” https://grafana.mysetup.org/api/hassio_ingress/nZYGqQ-X7eLkUZpNFdRU47lv_/api/dashboards/home

Then grafana api keys can be used but this also creates other security issues since the api key will be visible for everyone who can access the lovelace dashboard. Though it is a less severe issue than completely exposing grafana with anonymous login since if someone unwanted can access your dashboard, you will have other problems.
This can also be mitigated by using secrets in the lovelace ifrane card to some degree too.

env_vars:
  - name: GF_SECURITY_COOKIE_SECURE
    value: 'true'
  - name: GF_AUTH_ANONYMOUS_ENABLED
    value: 'true'
  - name: GF_AUTH_ANONYMOUS_ORG_NAME
    value: Org
  - name: GF_AUTH_ANONYMOUS_ORG_ROLE
    value: Viewer

There is an open feature request for this:

janbenes · April 11, 2022, 9:03pm

For me, no advice worked. I was able to display grafana panels from external adresses, but not now anymore. I only get jumping grafana logo.

viruslab · June 9, 2022, 12:55pm

I have the same issue.
I get an 401: Unauthorized error on a first opening lovelace page.
I have to open a grafana panel first and then I have to refresh a lovelace page

Jlm70 · August 13, 2022, 10:24am

Same 401 issue… 2022.8.3.
I saw many different solutions out there, but… I’m a bit confused: after years of HA-Grafana integration… isn’t there, yet, a straight direction to solve an issue that ANYONE using Grafana in HA would have? I mean… anyone using Grafana - I think - would then add his graphs within the other dashboards… no?

adynis · August 22, 2022, 2:59pm

I also have this issue and I’m sad there’s no nice solution.
Right now I’m just manually opening Grafana (so that I’m somehow authenticated) and after that it works … (for 1 day).

budcalloway · September 7, 2022, 1:38pm

What is the adress you are using in the card ?
Mine is like this https://externalIP:3000/
you need to redirect the port to your server.
If you’re using SSL, don’t forget to indicate the adress of it. If you use NPM it is not / but /nginxproxymanager/live/npm-5/privkey.pem

Deckoz2302 · September 7, 2022, 4:05pm

Nginxproxymanager. Graphana uses X-Frame-Options for cross site protection against rendering in an iFrame

In NPM on your config add a custom location for / and add the below config

proxy_hide_header X-Frame-Options