Description
Hi,
This is not a real issue but more a request to change the sourcecode.
To improve security when using OTA httpupdateserver adding authentication is helpfull. Ive have tried with succes using only a few minor modifications to the current stable release.
in ESP8266HTTPUpdateServer.h change :
class ESP8266HTTPUpdateServer
{
private:
bool _serial_output;
ESP8266WebServer __server;
static const char *serverIndex;
public:
ESP8266HTTPUpdateServer(bool serial_debug=false);
void setup(ESP8266WebServer *server=NULL);
/ADDED/ char USR_NAME;
/ADDED/ char* USR_PWD;
};
in ESP8266HTTPUpdateServer.cpp change
void ESP8266HTTPUpdateServer::setup(ESP8266WebServer _server)
{
_server = server;
// handler for the /update form page
_server->on("/update", HTTP_GET, &{
/ADDED/ if(!_server->authenticate(USR_NAME, USR_PWD))
/ADDED/ return _server->requestAuthentication();
_server->sendHeader("Connection", "close");
server->sendHeader("Access-Control-Allow-Origin", "");
_server->send(200, "text/html", _serverIndex);
});
......
.....
}
the USR_NAME and USR_PWD can be set directly from the sketch as they are part of the structure.
So you can use (based on the webupdater example)
httpUpdater.USR_NAME="myName";
httpUpdater.USR_PWD="myPWD";
Tested and working as planned. I am sure real coders can do better than this.
regards
CorB
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.