HA Dashboard - Becker Login button in iframe stopped working

Hello everyone - very strange problem, I hope someone can help. An element on my HA dashboard for a Becker blinds controller has mysteriously stopped working - the dashboard element is a simple iframe that loads a local page so the frame can auto-refresh regularly. This has worked perfectly for ages. HA is fully updated to 2023.3.3, OS 9.5, Supervisor 2023.03.1.

Recently clicking the ‘Login’ button has stopped working - give the correct username & password and click Login, and nothing happens. Enter the wrong username or password and the ‘wrong password’ message is displayed. The behaviour is the same on the HA dashboard in any browser - the Fully browser on a Samsung tablet, or Chrome on the Mac. Going direct to the Becker URL works fine, just the HA dashboard will not load the site any more. I’ve reloaded, restarted, cleared the cache, updated. Now out of ideas.

How do I go about figuring out what is going wrong?

  - type: iframe
    url: /local/becker_custom_page/index.html
    aspect_ratio: 100%

And /www/becker_custom_page/index.html

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="refresh" content="7200">
    <title>Becker Central Control</title>
  </head>
  <body>
   <iframe style="position:absolute; top:0; left:0; bottom:0; right:0; width:100%; height:100%; border:none; margin:0; padding:0; overflow:hidden; z-index:999999;" src="https://gw.b-tronic.net/login/#/account/box/connect/betibi" frameborder="0">
  </iframe>
  </body>
</html>

OK - so I have no idea what happened but I have worked around the problem for the time being at least. By changing the web address to be https://gw.b-tronic.net/ccbetibi/ HA now displays the device page and so the Becker devices are back under control again.

To debug this I used Chrome’s debug console and network traffic tools to see what the difference was between the traffic directly from Chrome, which worked, and from HA dashboard which did not. This showed some differences and the link above.

If anyone can explain what is going on I would be thankful, but for now at least there is progress.

Debugging carries on. Using Chrome’s Developer Tools I have been sniffing the network traffic between Chrome, that is working, and HA which is not. The issue seems to be that from the HA dashboard the login simply doesn’t work on the Becker CentralControl CC41 device any more. This used to work fine.

On clicking the login button the page emits two RPC calls. This call & response are the same on Chrome and HA.

Request URL: https://gw.b-tronic.net/req/RPC
Request Method: POST
Status Code: 200 OK
{id: 0, jsonrpc: "2.0", method: "loginUser",…}
[{User: "[email protected]", Kennwort: "my_password", savelogin: 1}]

Response
{"id": 0, "result": {"VIPlevel": 1, "message": "ok", "isAdmin": false, "success": true}}

Then it seems the page tests if the user is logged in on the CC41 box with getLoggedInUser. Here the working case from Chrome:

POST as above
{  "id": 0, "jsonrpc": "2.0","method": "getLoggedInUser", "params": [],  "authcode": null }

Response
{"id": 0, "result": {"VIPlevel": 1, "message": "ok", "tokenLogin": false, "user": "my_user_name", "success": true}}

And here the broken case from HA. The outgoing POST request is the same as in Chrome, but the result:

{"id": 0, "result": {"message": "not logged in", "success": false}}

Testing with Postman and curl has shown that I can run this in HA’s console and then connect through the dashboard:

curl --location 'https://gw.b-tronic.net/req/RPC' \
--header 'Content-Type: text/plain' \
--header 'Cookie: GWB_TOKEN=-77766655444; _SID_=20230328141955-96666666c8c15f3face1b7e7f535acdc' \
--data-raw '{
  "id": 0,
  "jsonrpc": "2.0",
  "method": "loginUser",
  "params": [
    {
      "User": "[email protected]",
      "Kennwort": "my_pasword",
      "savelogin": 1
    }
  ],
  "authcode": null
}'
{"id": 0, "result": {"VIPlevel": 1, "message": "ok", "isAdmin": false, "success": true}}

Can anyone explain what is going on and how I can change HA so this works again? This is driving me nuts.

Hello everyone - I want to surface this one again in case anyone can help me. After more debugging I have found that the login to the Becker motor controller works everywhere, except in a HA dashboard. Putting the Becker login link into the Fully Kiosk browser works fine. Any browser on the desktop or mobile works fine, but when wrapped in a card on HA dashboard it just doesn’t work at all, whatever I try.

This used to work, back at the beginning of 2023 - so can anyone tell me what changed in HA?

Following up again - having asked an expert friend for help we discovered very quickly that the problem here is the iFrame wrapping. Likely Becker changed their site, or something else changed, to prevent the site loading in an iFrame to increase ‘security’. Hm.

Any other way to embed a site in a HA dashboard other than using an iFrame?
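
Added example (not part of the original thread, and not Becker's or Home Assistant's code): the thread concludes that the iframe wrapping is what breaks the login, without establishing which browser mechanism is responsible. The sketch below audits a set of response headers for the usual candidates: session cookies that are not sent inside a cross-site frame, X-Frame-Options, and CSP frame-ancestors. The function names and all header values are assumptions constructed for illustration; only the cookie names GWB_TOKEN and _SID_ come from the curl command above.

```javascript
// Added example: which response headers break a login inside a cross-site iframe.
// All header values below are constructed samples, not captured from gw.b-tronic.net.

function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(";").map((s) => s.trim());
  const flags = {};
  for (const a of attrs) {
    const [k, v = ""] = a.split("=");
    flags[k.toLowerCase()] = v.toLowerCase();
  }
  const name = pair.slice(0, pair.indexOf("="));
  return { name, sameSite: flags.samesite ?? null, secure: "secure" in flags };
}

function auditFraming(headers) {
  const findings = [];
  for (const line of headers["set-cookie"] || []) {
    const c = parseSetCookie(line);
    if (c.sameSite === "none" && c.secure) continue; // sent in a cross-site frame
    const why =
      c.sameSite === "none" ? "SameSite=None without Secure is rejected"
      : c.sameSite === null ? "no SameSite attribute, so Chromium-based browsers default it to Lax"
      : `SameSite=${c.sameSite} is withheld from requests made inside a cross-site frame`;
    findings.push(`cookie ${c.name}: ${why}`);
  }
  const xfo = (headers["x-frame-options"] || "").toLowerCase();
  if (xfo === "deny" || xfo === "sameorigin") {
    findings.push(`x-frame-options: ${xfo} blocks framing by another origin`);
  }
  const fa = (headers["content-security-policy"] || "")
    .split(";").map((d) => d.trim())
    .find((d) => d.toLowerCase().startsWith("frame-ancestors"));
  if (fa && !fa.split(/\s+/).includes("*")) {
    findings.push(`csp: ${fa} restricts which pages may embed this one`);
  }
  return findings;
}

// Constructed sample: one session cookie without SameSite, one marked for cross-site use.
const sample = {
  "set-cookie": [
    "_SID_=constructed-session-id; Path=/; HttpOnly",
    "GWB_TOKEN=constructed-token; Path=/; Secure; SameSite=None",
  ],
  "content-security-policy": "default-src 'self'; frame-ancestors 'self'",
};
console.log(auditFraming(sample).join("\n"));
```

The input is the set of response headers shown in the browser's Network tab for the login page and the RPC requests, with Set-Cookie given as an array of lines.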