Allow Supervisor token authentication from landing page (#5321)

The landing page provides the Supervisor token as authentication, so consider the landingpage as new enough too.
home-assistant · Oct 3, 2024 · ee5ded2 · ee5ded2
1 parent f530db9
commit ee5ded2
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/supervisor/api/middleware/security.py b/supervisor/api/middleware/security.py
@@ -9,6 +9,8 @@
 from aiohttp.web_exceptions import HTTPBadRequest, HTTPForbidden, HTTPUnauthorized
 from awesomeversion import AwesomeVersion
 
+from supervisor.homeassistant.const import LANDINGPAGE
+
 from ...addons.const import RE_SLUG
 from ...const import (
     REQUEST_FROM,
@@ -288,8 +290,10 @@ async def token_validation(
     @middleware
     async def core_proxy(self, request: Request, handler: RequestHandler) -> Response:
         """Validate user from Core API proxy."""
-        if request[REQUEST_FROM] != self.sys_homeassistant or version_is_new_enough(
-            self.sys_homeassistant.version, _CORE_VERSION
+        if (
+            request[REQUEST_FROM] != self.sys_homeassistant
+            or self.sys_homeassistant.version == LANDINGPAGE
+            or version_is_new_enough(self.sys_homeassistant.version, _CORE_VERSION)
         ):
             return await handler(request)