Possible to have config option to send basic auth?

I run HASS behind an nginx setup and ask for basic auth details from external connections to provide an additional layer of security.

I’d love to see this too as I also have my HomeAssistant instance behind nginx basic auth with no API password, which also lets me terminate SSL there.

I too would love this function. Right now I only can run the app on my own network :frowning:

Will try to add this soon.

Yes please add me to this request!

Any news on this? Still cant connect to HA with reverse proxy.

As a workaround put user:password in the URL - this should work. So e.g. https://user:[email protected]/ha/

I know this doesn’t resolve the issue, but in the meantime it’s probably better to use the iOS app than hold off due to security. I use an nginx reverse proxy with basic auth and fail2ban for my other web apps, but have auth disabled for Home Assistant in the meantime.

Home Assistant can handle IP banning itself and that definitely works for now.

  base_url: !secret base_url
  api_password: !secret api_password
  ip_ban_enabled: true
  login_attempts_threshold: 5
  use_x_forwarded_for: True
    - ::1

Sorry for negroposting, but this seems to still be a issue :frowning:

I believe that having basic auth would have protected against the March 2023 vulnerability, so I think this is VERY relevant still.