Http request default headers www-authenticate: "Basic..."

General
1

I do not need to authenticate to access my site 192.168.2.201
but
running this flow:

[
    {
        "id": "ea91769386ca7b48",
        "type": "http request",
        "z": "b1244a135f70915e",
        "name": "",
        "method": "GET",
        "ret": "obj",
        "paytoqs": "ignore",
        "url": "http://192.168.2.201:80/{{topic}}/{{parts}}",
        "tls": "",
        "persist": false,
        "proxy": "",
        "insecureHTTPParser": false,
        "authType": "",
        "senderr": false,
        "headers": [],
        "x": 410,
        "y": 480,
        "wires": [
            [
                "2f597047663e2964"
            ]
        ]
    },
    {
        "id": "2f597047663e2964",
        "type": "debug",
        "z": "b1244a135f70915e",
        "name": "debug 1",
        "active": true,
        "tosidebar": true,
        "console": false,
        "tostatus": false,
        "complete": "true",
        "targetType": "full",
        "statusVal": "",
        "statusType": "auto",
        "x": 700,
        "y": 480,
        "wires": []
    }
]

returns a statusCode: 401 and shows www-authenticate: "Basic..."

headers: object
content-type: "text/html"
www-authenticate: "Basic realm="Login Required""
content-length: "0"
connection: "close"
x-node-red-request-node: "d7d5aee6"

Thanks

2

I suspect one of the following@

  1. Browser has cached credentials/session
  2. The generated URL is hitting a protected endpoint
  3. msg.parts is unintentionally becoming [object Object]

The www-authenticate header is evidence that the remote server believes authentication is required for whatever URL Node-RED actually requested.

Leave the url in the http request empty, add a function node before the http request, add this to the function node:

msg.url = `http://192.168.2.201:80/${msg.topic}}/${msg.parts}`
node.warn(`The URL that the HTTP Request will call is '${msg.url}'`
return msg

What url is displayed in the debug panel? Does it look correct?

And if you suddenly remember a user name and password are required, you can add to the function like this:


msg.url = `http://192.168.2.201:80/${msg.topic}}/${msg.parts}`
node.warn(`The URL that the HTTP Request will call is '${msg.url}'`

const token = Buffer.from("USER:PASS").toString("base64");
msg.headers = {
    Authorization: `Basic ${token}`
}

return msg
3

The site responds correctly from the same browser with http://192.168.2.201:80/27/on
I tried running from the node-red extension (latest) of the HomeAssistant.io running on raspberryPi 4 and also from the latest docker node-red container. Both behave the same.

I've included the full debug response:

object
_msgid: "a66dbf49d0de6507"
topic: "27"
parts: "on"
statusCode: 401
headers: object
content-type: "text/html"
www-authenticate: "Basic realm="Login Required""
content-length: "0"
connection: "close"
x-node-red-request-node: "d7d5aee6"
responseUrl: "http://192.168.2.201/27/on"
payload: ""
redirectList: array[0]
retry: 0

4

Did you try any of the suggestions I suggested?

Also, have you tried a different browser to see if credentials are requested (to rule out cached browser credentials)

Some tips to make things a little easier:

When copying debug logs, please use the copy value tool node-red provides....

Pay particular attention to the part about the buttons that appear under your mouse pointer when you over hover a debug message property in the sidebar.

BX00Cy7yHi

When posting code and logs please format them to help us read the data and prevent forum corruption...

In order to make code readable and usable it is necessary to surround your code with three backticks (also known as a left quote or backquote ```)

``` 
   code goes here 
```

You can edit and correct your post by clicking the pencil :pencil: icon.

See this post for more details - How to share code or flow json

5

It's important to remember that the node-red code does NOT run in the browser you are using to edit the flow.

It runs in the backend NodeJS process, it does not have access to any cookies or pre-cached credentials that the browser does. Just because that browser can access something does not mean that the NodeJS process can.

As Steve suggested, try a different browser (not just a different window or tab from the same browser) or a command line tool like curl (which is included in nearly all OSes these days including Windows)

6

Thank you much. You were right about the credentials. I was experimenting with ESP32 hosted webserver and had forgotten that I recently added the authentication code. And I am glad you pointed me to the right direction.
Also thanks for the recommendation about including code in backticks.
Slow learner but I learn.