Please follow the below template, it will help us to help you!
Expected Behaviour:
Inside of /scripts/pi-hole/php/auth.php, there's a function called check_cors (line 37) which is called when hitting the api.php script (line 15). In the function check_cors, there's an array of allowed hostnames, and based on the lines following the array, you can add to the array by creating environment variables. I expect that when the environment variable is set (I did it as a global environmental variable on ubuntu server 22.04 in Hyper-V), pihole would all the values of the env var into that array. I'm trying to connect pihole into Homer Dashboard, which hits pihole's api.php endpoint, but because of CORS, it gets rejected and therefore none of pihole's stats show up on my Homer Dashboard.
Actual Behaviour:
It doesn't add the env var values into the Authorized_hostnames array. Therefore CORS fails, and Homer Dashboard's attempt to fetch from api.php fails.
I've tried to create environment variables insode of /etc/lighttpd/external.conf too. The file has:
setenv.add-environment = (
"VIRTUAL_HOST" => "hp-pav.home,webserver.home,10.0.1.2"
"CORS_HOSTS" => "hp-pav.home,webserver.home,10.0.1.2"
)
which has the two environment variables that it should supposedly be looking for.
These directives set the given values, rather than appending the given values to the headers or environment.
These directives take precedence over the setenv.add-* counterparts.
Set a blank value to remove request header or remove response header.
Edit:
Try to use the append operator +=. I've never tried it, but it's worth a try.
Well I’m sure that’ll become an issue later, but that doesn’t matter now as CORS on pihole is rejecting Homer’s attempt to fetch data from pihole’a api.php endpoint to begin with. I also just haven’t gotten far enough to figure that out as CORS is getting rejected by pihole, so that’s a problem for later, if it becomes a problem.
I know that I can edit the auth.php file, but that’s going to get overwritten whenever pihole is updated so it’s not a solution.
I have absolutely no clue what did it. but something did it, and CORS isn't blocking the request after a reboot. Apparently lighttpd doesn't restart when restarting pihole using pihole restartdns. That being said, is there a way to stop lighttpd and the restart it without restarting the whole machine (or hyper-v machine)?
End Solution:
inside of /etc/lighttpd/external.conf, add environment variables.
This is what I have:
setenv.add-environment += (
"VIRTUAL_HOST" => "<insert your domains/ips, separated by commas>"
)
Then once you finish saving that file, you want to restart lighttpd. From the little research I did, I just ran sudo /etc/init.d/lighttpd restart, and you're good to go. The env vars should be updated, no need to reboot the machine.
Edit 2: Looks like auth.php which has the check_cors function is looking for the CORS_HOSTS env var? I have CORS_HOSTS and VIRTUAL_HOST set to the same values, but misspelling CORS_HOSTS on purpose breaks CORS, and by extension Homer, so maybe use CORS_HOSTS rather than VIRTUAL_HOST inside of etc/lighttpd/external.conf?