Skip to content

Resolving cauth Issues

Jump to bottom Edit New page
slai edited this page Jan 29, 2011 · 1 revision

Don’t bother following these instructions unless you are actually seeing either of the following messages from the widget -

  • cauth not configured
  • cauth invalid

On versions of Squeezebox Server 7.5 or lower, CSRF protection was enabled by default at the medium level. CSRF is a trick that can be used to control your Squeezebox Server installation, often without your consent.

To ensure all requests to your Squeezebox Server are authorized, Squeezebox Server uses a password called a cauth value. You need to retrieve this password and add it into the widget configuration.

Checking your CSRF protection level

  1. Navigate to your Squeezebox Server web interface, http://address_:_port/ replacing address and port with your Squeezebox Server address and port respectively.
  2. Click on the Settings link in the bottom right corner.
  3. Select the Advanced tab.
  4. Change to the Security subsection using the drop-down menu underneath the tabs.
  5. Find the setting named CSRF Protection Level.

If it is currently set to None, you do not have CSRF protection enabled, and you should not have gotten the messages listed at the top of this article. Stop here.

If it is currently set to Medium, you’re good to go – continue to the next section.

If it is currently set to High, please change it to Medium and click the Apply button in the bottom-right corner.

The High protection level is not supported by this widget; the difference between the two levels is that Medium uses the same password for every action, while High uses a different one.

Retrieving your cauth value

Open up a web browser, and navigate to the following URL, replacing the address and port with your Squeezebox Server’s address and port:

http://address_:_port/xml/?p0=pref

You should see something like this:
Squeezebox Server CSRF error page

Your cauth value is the value after cauth= in the URL, as underlined in red in the diagram. Copy this value.

Configuring sbController

Now navigate to www.chumby.com in your web browser, log in, go to manage channels, find the channel with the sbController widget in it, and click on the Customize link for the widget.

Paste the cauth value you copied earlier into the Cauth field, then click Save.

On your Chumby-powered device, in the Control Panel, click on Channel, then Reload to refresh it. Or just power-cycle the device.

You should now be able to control your Squeezebox from the widget.

Add a custom footer
Add a custom sidebar

Clone this wiki locally