supervisor: Firefox: 401: Unauthorized / No valid ingress session None

Describe the issue you are experiencing

I am no longer able to display the Web UI of Add-Ons such as Node-Red, File Editor, Portainer, SQLite Web, etc.

Clicking “Open Web UI” results in this message:

401: Unauthorized

Supervisor’s log reports:

21-07-21 15:31:24 WARNING (MainThread) [supervisor.api.ingress] No valid ingress session None

What is the used version of the Supervisor?

supervisor-2021.06.8

What type of installation are you running?

Home Assistant Supervised

Which operating system are you running on?

Debian

What is the version of your installed operating system?

Debian GNU/Linux 10 (buster)

What version of Home Assistant Core is installed?

2021.7.2

Steps to reproduce the issue

Unknown.

Anything in the Supervisor logs that might be useful for us?

21-07-21 15:31:24 WARNING (MainThread) [supervisor.api.ingress] No valid ingress session None

Additional information

I normally access Home Assistant via one of three devices (using the same admin-level account):

  1. Android tablet with MS Edge. This device has displayed the 401: Unauthorized message for a long time. I was never able to fix it but it didn’t matter because the tablet was impractical for using Node-Red.

  2. Ubuntu laptop with Firefox. This device is my daily driver for maintaining Home Assistant and now it cannot display the web UI of various Add-Ons, notably Node-Red, File Editor, Portainer, etc.

  3. Windows desktop with MS Edge. This one is still able to display the web UI of Add-Ons.

I don’t know what causes this problem so everything I have tried is a shot in the dark (and none of it has worked):

  • Refresh browser page
  • Delete refresh tokens
  • Reboot host machine

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Reactions: 1
  • Comments: 24 (8 by maintainers)

Most upvoted comments

I had to disable the tracking protection left to the address bar, to get ingress working again:

ff

+28
casperklein on Jul 24, 2021

It looks like Firefox 90 has added extra protections to the “Strict” privacy profile that is currently incompatible with Ingress. We’re looking into it.

+13
balloob on Jul 27, 2021

It has been confirmed as a bug in Firefox. For more information follow https://bugzilla.mozilla.org/show_bug.cgi?id=1725996

No need to post followup comments saying “broken for me too”

+5
balloob on Aug 26, 2021

disable the tracking protection

Thank you, that’s very helpful.

I can confirm that disabling tracking protection in Firefox 90 allows it to display the Add-On’s web UI. However, here are some interesting observations:

  • Before disabling it, Firefox reported it found no trackers for that web page (hovering over the tracker icon displays the report).
  • I disabled and then re-enabled tracking protection and the web UI continues to be accessible. In other words, it now works even with tracking protection enabled.

I don’t understand the underlying mechanism responsible for this behavior but it seems to create a false-positive for Firefox’s tracker detection.

+5
tdejneka on Jul 24, 2021

Firefox 95 has been released and Ingress now works with strict mode. If you encounter an issue, please open a new issue.

+2
balloob on Dec 16, 2021

https://github.com/home-assistant/alerts.home-assistant.io/pull/399

+1
balloob on Sep 3, 2021

Should the information about the Firefox bug get an entry in the alerts?

+1
sim-san on Sep 3, 2021

The only difference I see between enabled/disabled tracking protection:

  • enabled: “Blocking third party cookies”
  • disabled: “Allowing third party cookies”
+1
casperklein on Jul 24, 2021
Read more comments on GitHub
← supervisor: Failure to update core addons repo (IssueType.CORRUPT_REPOSITORY)
supervisor: full backups not showing in list after finish when backing up addons with bytes length greater than 12 digits, error in supervisor log →