Media Tile broken due to URL with "//user:password@address" embedded credentials


The Problem: Embedded Credentials are blocked by browsers:

Chrome (and Android Webview - such as ActionTiles Android App & Fully) hard blocks / forbids all embedded content with basic http authentication credentials of the form https://user:password@address

We hate they made this choice with no override. It's for security. Similarly there is no way to pass authentication credentials to an embedded stream or even a iFrame.

The only possible workarounds:

  • Try no user & password.
  • Try authenticating in a separate tab first.
  • Try Firefox (some versions do not block basic authentication)
  • Use an intermediary transcoding server that serves with a different authentication as parameters (eg, tinyCam Monitor Pro app for Android, Blue Iris, VLC, MotionEye, etc).
    • tinyCam Monitor Pro, for example, accepts user and password as parameters instead of in the address prefix:  <a href="https://192.168.0.3:8083/axis-cgi/mjpg/video.cgi?user=admin&pwd=mypassword">https://192.168.0.3:8083/axis-cgi/mjpg/video.cgi?user=admin&pwd=mypassword</a>
    • Blue Iris (or turn off security on Blue Iris server may be necessary, but try...): http://IPADDRESS:PORT/mjpg/CAMERASHORTNAME/video.mjpeg?user=USER&pw=PASSWORD

Base 64 encoded Credentials?

You'll have to dig up the manuals for your camera model, but some will take credentials encoded as a Base64 string, as a parameter. In this example below, the parameter is called "auth".

e.g., <a href="http://10.0.0.172/Streaming/channels/102/httppreview?auth=dmlld29ubHk6cGhqdWkyMzNoM3Fr">http://10.0.0.172/Streaming/channels/102/httppreview?auth=dmlld29ubHk6cGhqdWkyMzNoM3Fr</a>

This article was helpful for 12 people. Is this article helpful for you?