Forceu / barcodebuddy-docker

Docker image for BarcodeBuddy
MIT License
28 stars 16 forks source link

Authentication Failed in iframes #16

Open danukefl opened 3 years ago

danukefl commented 3 years ago

I have recently setup BarcodeBuddy in docker on a server but while figuring out the best way to use it with my workflow, I moved it to run in Docker on a RPI. Everything was running fine but recently I changed it so that it was running back on the original server (and the RPI just running the grabInput.sh script) and now authentication is failing by looping back to the login with empty UN and PW fields when using it through an iframe. Normally this is through the side panel pages in Home Assistant but was able to replicate in a simple local HTML page that just has an iframe panel.

My setup is BarcodeBuddy running docker on the server, a nginx reverse proxy that points to the BB HTTPS port, then Home Assistant pointing to the reverse proxy URL. Before moving stuff around, everything was working fine but after moving, entering the credentials just refreshes the page and empties the username and password fields. I created a new container with the base config and it was experiencing the issue too, I also recreated the container on the RPI with the same settings, and it also experienced the same issue.

I enabled Debug logging but it does not appear to capture anything with what is occurring. BB does work if I disable authentication though and directly through the reverse proxy URL. I am wondering if this is a browser security "thing" but can't confirm.

Tested using latest, arm32v7-latest, and v1.8.0.2 tags.

danukefl commented 3 years ago

Cookie “PHPSESSID” has been rejected because it is in a cross-site context and its “SameSite” is “Lax” or “Strict”.

The inspect element in Chrome/Firefox does throw the above and is probably the cause but I'm unsure of how to change this in the docker container.