Unable to log into octoprint through an iframe on home assistant

denicola · May 9, 2021, 10:09pm

What is the problem?

Can't log into octoprint through home assistant

What did you already try to solve it?

Google/forum search.
Connecting:

Local IP octoprint - local home assistant
Local IP octoprint - public SSL home assistant
Public SSL address octoprint - local home assistant
Public SSL address octoprint - public SSL home assistant

This is what I got in the console (chrome)

Have you tried running in safe mode?

Yes

Did running in safe mode solve the problem?

No

Systeminfo Bundle

You can download this in OctoPrint's System Information dialog ... no bundle, no support!)
System bundle

I've seen some topic's about this but I couldn't get a straight answer to my problem.

I cannot login.

jneilliii · May 10, 2021, 3:40am

IIRC this is a browser related issue, but make sure that you have the option to enable embedding in an iframe.

jneilliii · May 10, 2021, 3:51am

Here's the other thread discussing it. Unable to display OctoPrint inside Home Assistant iframe

denicola · May 10, 2021, 8:50am

Yes, it's enabled. Before it wasn't and the login page didn't even show up "x.x.x.x refused to connect"

I've also already read through the other thread but he seemed to get a "workaround" by installing a dedicated octoprint addon onto his home assistant and then called it quits.

This doesn't solve the problem though. I do not want to have it in my menu I need it inside a dedicated iframe.

denicola · May 11, 2021, 9:28pm

I've done some digging and I've found some things:

If I disable the first one in chrome then octoprint works in every iframe no problem.

I did what it said "add a SameSite=None attribute" which apparently is already default in octoprint.
So I'm jumping into the octoprint documentation and found this:

Added the "secure: true" to my config as I'm running octoprint through a reverse proxy and added "samesite: none" just for fun because why not? This should work right, I've specified everything that chrome asked for.
It wanted to have a SameSite=None; Secure attribute which octoprint should provide now correct?

Am I missing something here? Is this still browser related? The current browsers that I have are: Chrome, Microsoft Edge, FireFox, HomeAssistant Android App (probably based on chrome) and Internet Explorer

The only winning browser is Internet Explorer probably because the lack of security on it.

Charlie_Powell · May 11, 2021, 10:26pm

Are you using https for both OctoPrint and Home Assistant here?

denicola · May 11, 2021, 10:30pm

Certainly, yes.

Charlie_Powell · May 11, 2021, 10:32pm

Just had to make sure, since it wasn't specified and this is the only way this is ever going to work.

I would next try and find the request headers in the browser devtools (under Network) and check that the Set-Cookie header is actually showing the right things. I will have a look on my machine as well to make sure this is not a bug.

Charlie_Powell · May 11, 2021, 10:37pm

Interestingly, I'm not seeing Secure or SameSite values in the Set-Cookie header at all. Potential bug, will have to look at it tomorrow.

denicola · May 11, 2021, 10:42pm

Sure, was trying different things with 0 effect at al so good to hear that it's not only on my side. I also wasn't really sure where to find the Set-Cookie header so I'm glad that it's not needed anymore.

Charlie_Powell · May 11, 2021, 10:49pm

I was expecting to see it here:

But no, nothing there

denicola · May 11, 2021, 10:54pm

Oh there, ok.

The Secure attribute did come though.

Charlie_Powell · May 11, 2021, 10:59pm

Yeah, so I am now seeing the secure one (not sure why on the first screenshot it wasn't there) but no SameSite. Which means, that the browser is treating them as SameSite=Lax which we do not want.

jneilliii · May 11, 2021, 11:06pm

Curious if it's case-sensitive. I notice you used none instead of None in config.yaml.

denicola · May 11, 2021, 11:07pm

Well, let me ease that curiosity. I've already tried both without any luck.
edit: I've also tried SameSite: None.

Charlie_Powell · May 11, 2021, 11:09pm

I've found the bug

denicola · May 11, 2021, 11:11pm

Cool, I have to find out later. Thanks for now.

Charlie_Powell · May 11, 2021, 11:14pm

I have it locally, but it is getting too late for me to type up the PR. A mistake between Python's NoneType and the string 'None' was to blame here, leading to it getting ignored.

jneilliii · May 12, 2021, 2:42pm

I was wondering if it was something like that. Would surrounding the text in config.yaml with apostrophes help?

Charlie_Powell · May 12, 2021, 2:59pm

This commit fixes it for me, need to look at the tests in more detail - it was late yesterday... Will tidy up later.

OctoPrint converted the string into actual None, so that wouldn't help.