android: Crash when integrating an iframe with basic auth security

**Home Assistant Android version: 3.0.2-full **

Android version: 10

**Phone model: samsung galaxy s10 **

**Home Assistant version: 0.118.4 **

**Last working Home Assistant release (if known): **

Description of problem: I configured in my homeassistant, a netdata iframe with this configuration :

panel_iframe:
  netdata_mypc:
    title: 'NetData MyPC'
    icon: mdi:wrench
    url: https://[mydns]:443/netdata_mypc/

As I found that the access to https://mydns:443/netdata_mypc/ was totaly open (unsecured) to every body, I put a minimal security to it by adding a basic authentification in the home assistant nginx configuration (file /share/nginx_proxy_default.conf) :

location ~ /netdata_mypc/(?<ndpath>.*) {                                                                                                                                             
        auth_basic "It's private here";                                                                                                                                                      
        auth_basic_user_file /share/.htpasswd;                                                                                                                                         
                                                                                                                                                                                       
        proxy_redirect off;                                                                                                                                                            
        proxy_set_header Host $host;                                                                                                                                                   
                                                                                                                                                                                       
        proxy_set_header X-Forwarded-Host $host;                                                                                                                                       
        proxy_set_header X-Forwarded-Server $host;                                                                                                                                     
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;                                                                                                                   
        proxy_http_version 1.1;                                                                                                                                                        
        proxy_pass_request_headers on;                                                                                                                                                 
        proxy_set_header Connection "keep-alive";                                                                                                                                      
        proxy_store off;                                                                                                                                                               
        proxy_pass http://[my_internal_ip]:19999/$ndpath$is_args$args;                                                                                                                      
                                                                                                                                                                                       
        gzip on;                                                                                                                                                                       
        gzip_proxied any;                                                                                                                                                              
        gzip_types *;                                                                                                                                                                  
}

Eveything works juste fine in my desktop browser : It get a basic authentification question when I click on the “Netdata MyPC” link in the menu from homeassistant.

When I do the same in the android app, it sometimes asks for a basic auth and then crashes or simply crashes whenever I click on the “Netdata MyPC” link.

Could you please, reproduce the problem and correct it in a future version : all my configuration is given here and I get the same problem with whatever page I integrate as an iframe (it is not specific to netdata web page).

Another point, if there exists a better authentication mechanism than basic auth to be configured in nginx and behave as a SSO with home assistant’s core one, I would configure it but I did not find anything like this.

Traceback (if applicable): I do not know how to get a traceback of the crash.

Screenshot of problem: None

Additional information: None.

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 20 (9 by maintainers)

Most upvoted comments

Hi,

@dshokouhi, I’ve got a good news : the debug APK of the previous comment is working correctly. It solves completely the problem for me : I have a basic auth form and then I can access my internal web site.

Thanks for the correction and I hope it will be published in the store soon.

+1
cnico on Jan 8, 2021
Read more comments on GitHub
← android: Companion app unable to connect to HA instance while mobile website still works.
android: Crash when poor or no connection with widgets →