motionEyeOS β Embed URL no longer accessible without authentication (now requires username/password)Β #3249
Description
Hello motionEyeOS team,
we are using motionEyeOS and embed the live stream / embed URL into an external interface. This worked without authentication until recently. Now, accessing the embed URL always triggers an authentication prompt (username + password), which breaks the embedding.
Issue:
Embed URL is no longer publicly accessible
Username and password are always required
iFrame / embedding no longer works
Expected behavior:
The embed URL should be optionally accessible without authentication (as before), e.g. via an anonymous viewer, unauthenticated stream, token-based URL, or a documented alternative for authenticated embedding.
Steps to reproduce:
Open motionEyeOS
Access the previously used embed/stream URL or load it in an iFrame
A login prompt (HTTP Basic Auth) appears
Context / notes:
This looks like a recent change in default security settings or a regression after an update or configuration change.
Please clarify whether there is a new setting to allow unauthenticated embeds or what the recommended approach is now.
Request:
Is this behavior intentional or a known change?
Which configuration or option is required to allow embed URLs without authentication?
If this is a security change: is there an official alternative (token-based embed, headers, cookies, etc.)?
Thank you for your support.