Thank you Nanny Google :( - A little whine

Google Chrome got me a complaint from client #1 (my wife) and troubleshooting time today :onfire:

I have a frequently viewed power monitoring device with its own webserver on my network. It worked fine earlier this morning, but the webpage stopped being accessible before noon. OK, restart a couple of times, nope that didn’t fix it.

Cutting a long story short, I finally discovered that some time this morning Chrome had decided to update itself from version 58 to 59. One of the changes in 59 is that it blocks Basic HTTP authentication (username:password passed in the URL) which is the way we access the page :roll: Until I can figure out another solution we have to log in with username and password, which are both long hex strings, each time :frowning:

And Google wonders why users block automatic updating…

Have a look to see if it's in the hidden settings

chrome://flags/

Wow, quite a list there 8O Thanks, I didn’t know that page existed.

They have warned since version 56 that it will be dropped :wink:

You could try creating this extension…
gist.github.com/florentbr/25246cd9337cebc07e2bbb0b9bf0de46
No idea if it works or not…

Thanks :slight_smile: That should help with part 2 of the problem which is scripted use of Chrome with Python Selenium to download data.

Ha! Totally misread the link on my phone :oops: #-o

Looked into this a bit more, it looks like they have removed the ability to use basic authentication, not just disabled it. So no flags or command line options to switch it back on.

If you want to keep using Chrome a messy option would be to use something like Fiddler as a local proxy to inject the authentication field into the request header - you need to Base64 encode your username/password, I think Fiddler has an option for doing that.
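The header that a proxy would inject, as described in the post above, can be built directly in a script. This is an added example, not part of the original thread; the function name, address and credentials are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit, urlunsplit, unquote


def split_embedded_credentials(url):
    """Turn scheme://user:pass@host/path into (clean_url, headers).

    The credentials move out of the URL and into an
    'Authorization: Basic <base64(user:pass)>' header (RFC 7617).
    """
    parts = urlsplit(url)
    if parts.username is None:
        # Nothing embedded: leave the URL alone and add no header.
        return url, {}

    # Userinfo in a URL is percent-encoded; the header carries the raw values.
    user = unquote(parts.username)
    password = unquote(parts.password or "")
    if ":" in user:
        # The first ':' separates user from password, so a user-id
        # containing one cannot be represented in Basic auth.
        raise ValueError("Basic auth user-id cannot contain ':'")

    # Keep host[:port] exactly as written, minus the userinfo part.
    host = parts.netloc.rpartition("@")[2]
    clean_url = urlunsplit(
        (parts.scheme, host, parts.path, parts.query, parts.fragment)
    )

    # Base64 is an encoding, not encryption: over plain http:// the
    # username and password are still readable by anyone on the path.
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return clean_url, {"Authorization": "Basic " + token.decode("ascii")}


if __name__ == "__main__":
    # Constructed sample: documentation-range address, made-up hex credentials.
    sample = "http://a1b2c3:d4e5f6@192.0.2.10:8080/status?page=1"
    url, headers = split_embedded_credentials(sample)
    print(url)
    print(headers)
```

The returned header dictionary can be passed to any HTTP client that accepts custom request headers.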

I was impressed, I mean how does he know I’m using Python/Selenium to download data :?

It’s a shame that the Internet of Things isn’t more secure. Why did someone develop a device that doesn’t allow you to use https for entering a username and password? It almost seems like some people haven’t heard of cyber-security yet. Maybe I’m over-exposed to it, but I prefer that to under-exposure. Google, and others, are trying to raise the bar little by little, but that inevitably breaks some stuff where the manufacturer/developer didn’t bother thinking securely in the first place. The recent WannaCry and NotPetya outbreaks show how dangerous the world is, especially with NotPetya using one insecure internal device to attack many others that didn’t have the initial vulnerability. That is one of the big problems with insecure IoT devices. They might seem simple and nothing to worry about, but if usurped they can act as a Trojan Horse inside your network.