HEOS device unable to access local media in www/

Greetings.

I have uploaded a test mp3 file to my media folder and I can play it within the HA browser.

When I try to access the file in the media folder with a direct URL (http://ha_ip:8123/local/1.mp3), the logfile gets this entry:

2023-08-11 11:57:26.897 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from WRT1200AC.lan (192.168.21.1). Requested URL: ‘/media/local/1.mp3’. (Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0)

A similar entry occurs when I try to play the file from HA onto my HEOS device:

2023-08-11 11:42:02.320 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from WRT1200AC.lan (192.168.21.1). Requested URL: ‘/media/local/1.mp3?authSig%3DeyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJjOGJhZTM3MGM4Y2M0N2EyOWU5NjA5NmE2Y2Y4NTdlNCIsInBhdGgiOiIvbWVkaWEvbG9jYWwvMS5tcDMiLCJwYXJhbXMiOltdLCJpYXQiOjE2OTE3NzU3MjIsImV4cCI6MTY5MTg2MjEyMn0.LslfxLh’. (AvegaMediaServer/2.0 Linux/2.6)

My configuration.yaml includes the following:

  allowlist_external_dirs:
    - "/config"
    - "/media"  
  media_dirs:
    local: /media

I must be missing something somewhere in a configuration, but I can’t seem to find it.

Thanks for any direction.

You need an auth token to access the file directly. If you log into the HA UI from the browser first and then navigate to the file directly, does it work?

Maybe not. I just tested a file in /www/media with nothing in config around external directories nor trusted networks and was able to hit it. This was using an incognito tab in Chrome, so no previous auth token.

Hi. Thanks! When I try from the same or different browser, the log file shows the same, even using an incognito tab. So even if I’m logged in to HA, it won’t serve it.

When I try to play the file from my media folder within HA, the path is /media/local/1.mp3

I’m stumped. The issue prevents playing the media files on HA on my HEOS receiver.

I struggled with the same issue - only some bits of HA can access the files in /media.

I tried putting some images I wanted to use in dashboards in there - convenient, easy upload from ui but couldn’t access them from the dashboard cards.

Gave up and used config/www instead - there is no access control intentionally.

I don’t think I understand the intended purpose of /media and the consequent limitations.

I have the same “issue”.
I have not enough urgence yet to look at it, but it really is what @FriedCheese mentioned. There is token required to access the files.

My Marantz shows the message “unable to play file”

Interesting. Is this an auth token being transmitted from my Marantz (HEOS) to HA?

Would using config/www allow the media to still show up in HA’s media folder so it could then be played on external devices?

Interesting find.
You can make long lasting tokens. Maybe worth adding it there.
Not at home an a opportunity to check.

I’ve checked this and every time the same “key” is send.

This is a generated key from HA as I understand from the documentation.

That information is well above my skill level, however thanks for sleuthing it out!

It looks like “/media” is a protected folder with default access given only to HA. My read is that the ‘allowlist’ options makes the folder available to other integrations but not external.

If you want to make them available externally, use /config/www/media instead.

Unless something isn’t setup right on my HA, with my original configuration it seems like even ‘allowlist’ doesn’t make the media available to other integrations (e.g., my HEOS receiver).

So, as you suggest, I moved the media folder to ‘/config/www/Music’ (configuration.yaml below) and I can access a test mp3 remotely with ‘http://HA_ip:8123/local/Music/3.mp3’

homeassistant:
  allowlist_external_dirs:
    - "/config"
    - "/media"  
  media_dirs:
    local: /media
    remote: /config/www/Music

I can play that file directly through the HA browser to my cpu. But when I try to play that file through the HA browser to the HEOS device, the log again shows this entry:

Login attempt or request with invalid authentication from WRT1200AC.lan (192.168.21.1). Requested URL: ‘/media/remote/3.mp3?authSig%3DeyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI1ZjNmYzBhODNkNTE0MmFjOTNhYWEyOGVlOGIwNjE3MCIsInBhdGgiOiIvbWVkaWEvcmVtb3RlLzMubXAzIiwicGFyYW1zIjpbXSwiaWF0IjoxNjkxOTM5MjI4LCJleHAiOjE2OTIwMjU2Mjh9.XEb44’. (AvegaMediaServer/2.0 Linux/2.6)

If I’m not misunderstanding something, it looks like HA is telling the HEOS device to 1) use auth still and 2) not use the right path.

I’ve done some playaround… and finally got something played through my receiver…

service: media_player.play_media
data:
  media_content_id: http://HA_IP:8123/local/Geluid/Alarm_Thuis.mp3
  media_content_type: music
target:
  entity_id: media_player.versterker_2

I did not do any modifications through the media folders or whatsoever.
Only created a subfolder in the WWW folder and added the media files there.

Hey. Thanks. Keeping the files in config/www, I can indeed play the music on my HEOS device with the service now too, which is an improvement over having the media in the default local location. But when I select the music from HA’s media browser to play on my HEOS devices, I still get this log entry representing the failure:

Login attempt or request with invalid authentication from WRT1200AC.lan (192.168.21.1). Requested URL: ‘/media/remote/3.mp3?authSig%3DeyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI1ZjNmYzBhODNkNTE0MmFjOTNhYWEyOGVlOGIwNjE3MCIsInBhdGgiOiIvbWVkaWEvcmVtb3RlLzMubXAzIiwicGFyYW1zIjpbXSwiaWF0IjoxNjkxOTM5MjI4LCJleHAiOjE2OTIwMjU2Mjh9.XEb44’. (AvegaMediaServer/2.0 Linux/2.6)

So it looks like HA’s media browser is telling the HEOS device to 1) use auth still and 2) not use the right path. That’s the key issue now since it prevents using the media browser to play the songs anywhere other than on the browser.

As I read it correctly, this works as designed.

Files served from media are protected by Home Assistant authentication unlike those served from www

Even if you add a folder to the media path in the confiration.yaml, it is served ass media thus protected.

I’m not sure if this is a bug of such kind.
#3D is the UTF for a = sign and the '. at the end of the string does not seem to be really good.

For my application, my findings are usable, but if you are plannign to use it as a jukebox, this is a no-go.

However… I have some buttons created from the media library to stream some radio stations to the same receiver, so that is working perfectly fine…

Media streaming from Media and the HA autentication is working fine for e.g. Nest Hub or my android device. Guess this is a HEOS thing not working at is best

Totally with you that files served from media are protected and those from www are not. That is also what I am experiencing.

I’ve also got some buttons that stream some radio stations that work great, and if I call the media play service directly with the path to the files in www, the media plays also, so I know the HEOS device can get things to play.

But, when using HA’s media browser to play files from www to the HEOS devices, that’s where things go wrong. Unfortunately for me, I don’t have a non-HEOS device to test to see if the path that HA sends is right and the auth stuff in the link is removed.

Seems I’m stuck, haha!

Let’s hope someone flies by with a bit more in dept info.

Based on the denon/heos integration it only speaks from HEOS perspective and not local media as you’ve tried. Maybe “as designed” (?)

Maybe change the title to include HEOS to be more specific?

Thanks for the help! Good idea. I’ll change the title

I believe this might just be a url length limitation of HEOS: the URL doesn’t contain the full authSig token, and therefor authentication fails.

See HEOS integration unable to play local mp3 files - authentication error persists · Issue #107442 · home-assistant/core (github.com) for the full explanation.