Hi folks! I have Babybuddy as an add-on in HA. When adding information (such as feeding) through the browser using my PC it works perfectly, but when I try to use the Android HA app to access Babybuddy and add the same information, I have the attached error:
This is my add-on configuration:
Could anyone help?
I get this error in iOS app and on browser (firefox). Any help appreciated.
OP, instructions indicate no space after the coma in between domains.
I added both my IP and the homeassistant.local domain. When I configured INGRESS_USER: admin, it boots logged in to the BabyBuddy dashboard but when attempting to add a child, upon pressing submit I receive the same CSRF error telling me to add the domain/IP to the CSRF trusted origins (which already are).
Exact same issue here. It seemed to work with https using duckdns, but since duckdns was so buggy I swapped to cloudflare and now babybuddy is in op. Works in chrome on desktop using my ip, but doesn’t work anywhere else.
Adding admin in configuration does the exact same where I can see the page but can’t submit without getting the csrf verification error
I see the same thing as @AyudaRubio I can navigate the app if INGRESS_USER: admin, but adding a child gives me one of two CSRF errors.
When my configuration is set to:
CSRF_TRUSTED_ORIGINS: >-
https://<redacted>.ui.nabu.casa,http://homeassistant.local:8123
INGRESS_USER: admin
log_level: debug
I get this screen:
When I tweak my configuration by wrapping the value of CSRF_TRUSTED_ORIGINS in quotes, I get a screen similar to @jfpalomeque
I also started having this problem in December. I can’t pinpoint exactly what changed, but some things that happened around the same time are updates to HA itself, the HA cloudflared add-on, and the HA mobile app.
What’s really interesting is that my wife also uses the HA mobile app for Baby Buddy and has had absolutely no issues whatsoever. It continues to work for her, but not me. So there is merit to the idea it may be cache or client related, but reinstalling the HA mobile app didn’t fix it for me.
That said, I found a workaround for my use case. I exposed the Baby Buddy add-on with an external port to bypass HA addon ingress, published it to a different public hostname through the same cloudflared tunnel, put Cloudflare Access in front of that hostname to secure the web frontend, and appended that new public URL to the list of CSRF_TRUSTED_ORIGINS in the addon. Now I can visit Baby Buddy from my mobile browser on Android.
This doesn’t identify root cause nor solve for the problem of Baby Buddy throwing CSRF errors on HTTP POST requests with HA addon ingress, but it will work for me until fixed upstream.
Worth noting that CSRFv verification failed #81 tracks this issue, so hopefully it will get some attention.
I’m having similar issues with CSRF and BB. Ideally everything will continue to work behind my nginx reverse proxy, but I’m still struggling to submit any forms from any device, so the reverse proxy is just a dream right now.