Protect access to hosted files with Home Assistant authentication

Presently, HA provides for the hosting of files under the HTTP integration as is documented here… hosting files. However, files served from the www folder (/local/ url), aren’t protected by the Home Assistant authentication. Files stored in this folder, if the URL is known, can be accessed by anybody without authentication.

Request: Add an authentication layer to this form of access or create a new feature that permits access to files which are protected by HA authenticaion.

I 100% agree. I want to host an image for picture elements without having to expose it to the internet, when using Home Assistant Cloud.

You should be using /media for anything you want to add auth. The www filter is intended to be auth free, even mentioned in the docs. It would be quite the breaking change to add auth there. The media folder does require auth.

Yes, thats what I would like to use. The issue is that the auth Sig key seems to expire and I want to use an image for Picture Elements Card for a house visualization. The Card requires a hard link. The documentation for picture-elements also mentions to use local hosting via www.

This is the format I get when i rightclick the image

/media/local/image.png?authSig=AUTHSTRINGGOESHERE

Using only > /media/local/image.png gives a 401.

I think the issue is that the auth check here is passed in the URL and does not accept auth via request header?

Is there any way I’m missing I can get a authenteciated image url I can use in picuret-elements?