It would be awesome to have the dsmr reader dashboard visible in a panel iframe. However I get a blank iframe when I try this. I Tried some other websites and that worked well.
Dsmr reader runs on the same raspberry on port 80 without ssl. I use the internal IP address with http:// as a prefix for the URL.
Does anyone know how to fix this?
Thanks
Hi Nick,
I had the same problem and finally managed to solve it.
First, let me explain the problem. To see why e.g. Chrome is not loading the iFrame from DSMR reader, hit F12 in Chrome to enter the devoloper tools. Hit F5 to reload and the error should appear. In my case, I got the following error.
Refused to display 'https://www.mysite.nl:8124/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
After some searching I found that this is a setting of your webserver, in our case Nginx, which was installed with DSMR-reader. It is protecting your DSMR reader website from being included in iFrames on websites different than the same server as where DSMR reader is running from. In my case, www.mywebsite.nl is reffering to my Synology (with a redirect to my raspberry), whereas DSMR reader is running on my raspberry.
First I tried to add the following line to my dsmr-webinterface.conf configuration file (in /etc/nginx/sites-enabled/).
add_header X-Frame_Option "ALLOW-FROM https://www.mysite.nl:8123/dsmr";
After reloading nginx I received an error about having conflicting values
Multiple 'X-Frame-Options' headers with conflicting values ('ALLOW-FROM https://www.mysite.nl:8124, SAMEORIGIN')
So, I changed back the file to the original state and I started looking where the âSAMEORIGINâ setting was defined. It turned out that it was not defined in the Nginx configuration files, but in the Django settings of the DSMR reader frontend. To change it, modify the following file: /home/dsmr/dsmr-reader/dsmrreader/config/base.py. Look for the following text and comment out the line with âdjango.middleware.clickjacking.XFrameOptionsMiddlewareâ, this is the line that is setting the X-Frame-Options to âSAMEORIGINâ.
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.locale.LocaleMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
# 'django.middleware.clickjacking.XFrameOptionsMiddleware',**
'django.middleware.security.SecurityMiddleware',
# Local.
'dsmr_frontend.middleware.exception_traceback.ExceptionTracebackMiddleware',
)
After changing this, reload the DSMR reader and you should be all set.
sudo supervisorctl
reread
update
Hope this will help you out. See you in the office monday 
Note. For extra security, you can add the following line in your Nginx configuration file.
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' https://www.mysite.nl:*";Thanks Ernst,
I discussed this topic earlier with the developer of dsmr-reader. He came up with almost the same solution.
Just add the following to dsmrreader/settings.py. This worked for me.
X_FRAME_OPTIONS = 'ALLOW-FROM https://example.com/'
See you monday!
Did you got this working with SSL on the main HA url ?
As stated iFrame is not working when accessing a non secure iframe when ssl is enabled on HA url.
I cant get it to work either
Yes, it is working almost perfect. Just use a https:// address for your dsmr reader as well and refer to that https address. Of course you have to make dsmr reader accessible over https, similar as for home assistant, including the reverse proxy.
The only issue I have is that the iframe is not scrollable under iOS. There is an issue reported for that on git hub, but not solved yet.
Did you ever get this working from outside? Out would not prefer to open a port in my router to DSMR reader.
It was working fine, but I decided not to open DSMR reader to the world. It is only accessible from an internal IP address. Iâm running letsencrypt on my Synology and made a reverse proxy to my RPi, running HA and DSMR reader.
This is an old topic, but it still shows up in searches for this issue, so this seems relevant information to add:
If you use the DSMR Reader Docker instance by xirixiz, you can enable iframe support by adding an environment variable ENABLE_IFRAME with value true.
This environment variable causes the X_FRAME_OPTIONS to be set to ALLOWALL in settings.py, so keep in mind that this is less secure than the solution presented in previous comments where a specific domain is whitelisted.
X_FRAME_OPTIONS = 'ALLOWALL'