Unable to log into octoprint through an iframe on home assistant

What is the problem?

Can't log into octoprint through home assistant

What did you already try to solve it?

Google/forum search.

  1. Local IP octoprint - local home assistant
  2. Local IP octoprint - public SSL home assistant
  3. Public SSL address octoprint - local home assistant
  4. Public SSL address octoprint - public SSL home assistant

This is what I got in the console (chrome)

Have you tried running in safe mode?


Did running in safe mode solve the problem?


Systeminfo Bundle

(You can download this in OctoPrint's System Information dialog ... no bundle, no support!)
System bundle

I've seen some topics about this but I couldn't get a straight answer to my problem.

I cannot login.

IIRC this is a browser related issue, but make sure that you have the option to enable embedding in an iframe.

Here's the other thread discussing it: "Unable to display OctoPrint inside Home Assistant iframe"

Yes, it's enabled. Before it wasn't and the login page didn't even show up "x.x.x.x refused to connect"

I've also already read through the other thread but he seemed to get a "workaround" by installing a dedicated octoprint addon onto his home assistant and then called it quits.

This doesn't solve the problem though. I do not want to have it in my menu; I need it inside a dedicated iframe.

I've done some digging and I've found some things:

If I disable the first one in chrome then octoprint works in every iframe no problem.

I did what it said "add a SameSite=None attribute" which apparently is already default in octoprint.
So I'm jumping into the octoprint documentation and found this:

Added the "secure: true" to my config as I'm running octoprint through a reverse proxy and added "samesite: none" just for fun because why not? This should work right, I've specified everything that chrome asked for.
It wanted to have a SameSite=None; Secure attribute, which octoprint should provide now, correct?

Am I missing something here? Is this still browser related? The current browsers that I have are: Chrome, Microsoft Edge, Firefox, HomeAssistant Android App (probably based on chrome) and Internet Explorer

The only winning browser is Internet Explorer, probably because of the lack of security on it.

Are you using https for both OctoPrint and Home Assistant here?

Certainly, yes.

Just had to make sure, since it wasn't specified and this is the only way this is ever going to work.

I would next try and find the request headers in the browser devtools (under Network) and check that the Set-Cookie header is actually showing the right things. I will have a look on my machine as well to make sure this is not a bug.

Interestingly, I'm not seeing Secure or SameSite values in the Set-Cookie header at all. Potential bug, will have to look at it tomorrow.

Sure, was trying different things with 0 effect at all, so good to hear that it's not only on my side. I also wasn't really sure where to find the Set-Cookie header so I'm glad that it's not needed anymore.

I was expecting to see it here:

But no, nothing there :slightly_frowning_face:

Oh there, ok.
The Secure attribute did come though.

Yeah, so I am now seeing the secure one (not sure why on the first screenshot it wasn't there) but no SameSite. Which means, that the browser is treating them as SameSite=Lax which we do not want.

Curious if it's case-sensitive. I notice you used none instead of None in config.yaml.

Well, let me ease that curiosity. I've already tried both without any luck.
edit: I've also tried SameSite: None.

I've found the bug :slightly_smiling_face:

Cool, I have to find out later. Thanks for now. :slightly_smiling_face:

I have it locally, but it is getting too late for me to type up the PR. A mistake between Python's NoneType and the string 'None' was to blame here, leading to it getting ignored.

I was wondering if it was something like that. Would surrounding the text in config.yaml with apostrophes help?

This commit fixes it for me, need to look at the tests in more detail - it was late yesterday... Will tidy up later.

OctoPrint converted the string into actual None, so that wouldn't help.
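
The bug class described in this thread, as an added example that is not OctoPrint's code and not part of any post above: a configured SameSite value of "None" gets collapsed into Python's `None`, so the attribute is dropped from `Set-Cookie` and the browser falls back to Lax. The function names, cookie name and cookie value are constructed for illustration.

```python
from http.cookies import SimpleCookie  # SameSite support needs Python 3.8+

CANONICAL = {"strict": "Strict", "lax": "Lax", "none": "None"}

def normalize_buggy(value):
    # Hypothetical normalizer showing the bug class from the thread:
    # the configured string "None" collapses into Python's None.
    if value is None or str(value).strip().lower() == "none":
        return None  # now indistinguishable from "not configured"
    return CANONICAL.get(str(value).strip().lower())

def normalize_fixed(value):
    # Python None means "not configured"; the string "none"/"None" is a real setting.
    if value is None:
        return None
    return CANONICAL.get(str(value).strip().lower())

def set_cookie_header(name, value, samesite, secure):
    # Build the Set-Cookie value; SameSite is omitted when samesite is None.
    cookie = SimpleCookie()
    cookie[name] = value
    morsel = cookie[name]
    morsel["path"] = "/"
    if secure:
        morsel["secure"] = True
    if samesite is not None:
        morsel["samesite"] = samesite
    return morsel.OutputString()

def usable_in_cross_site_iframe(header):
    # Chrome's requirement quoted in the thread: SameSite=None together with Secure.
    attrs = {part.strip().lower() for part in header.split(";")[1:]}
    return "samesite=none" in attrs and "secure" in attrs

if __name__ == "__main__":
    # Constructed sample: the same config value run through both normalizers.
    for label, normalize in (("buggy", normalize_buggy), ("fixed", normalize_fixed)):
        header = set_cookie_header("session", "abc123", normalize("None"), secure=True)
        print(label, "->", header, "| iframe OK:", usable_in_cross_site_iframe(header))
```

The same check works on a header copied from the browser's Network tab: pass the `Set-Cookie` value to `usable_in_cross_site_iframe` to confirm both attributes are present.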