Display grafana-web-page inside webvisu

hi there,

i’m using a compact-controller 100 - plc-prg, docker with influxdb- and grafana-images on it. All works fine - but:

In the codesys-visu i’m using the browser-element in the hope of displaying the grafana-web-page there.
The URL was set as http://xxx.xxx.xxx.xxx:3000…pagewithgraphics…
It worked when used in the normal webbrowser, but inside the visu-element it doesn’t. A grey frame appears with the message: Website is blocked - contact the user.
Can this have to do with the grafana-proxy-setting?
I already tried different settings in the grafana-ini and my web-knowledge is still expandable! Can someone help?

Hi @schweichichi,
For security reason embedding webpage in another is by default disabled.
To allow embedding, you can modify the grafana config file, but it looks more convenient to do it using an environment variable, so you can add the following parameter to your docker run command :

-e "GF_SECURITY_ALLOW_EMBEDDING=true" -e "GF_AUTH_ANONYMOUS_ENABLED=true" 

The first allow embedding and the second disable the authentication, this is probably what you want to consider.

Also you will have to enable http port on the CC100 WBM, since embedding http iframe in http webpage isn’t allowed.

You need to modify the lighttpd web server configuration of the CC100.
Edit the file /etc/lighttpd/webvisu.conf

Change the line

setenv.set-response-header  += ("Content-Security-Policy" => "default-src 'self' 'unsafe-inline'”)

by :

setenv.set-response-header  += ("Content-Security-Policy" => "default-src 'self' 'unsafe-inline';frame-src * 'unsafe-inline' 'unsafe-eval'")

Restart the webserver :

/etc/init.d/lighttpd restart

Of course you should consider the security impacts of doing this…

You should add the kiosk parameter in the iframe URL in order to hide the menu, example :

http://[grafanaURL]:3000/d/[dashboardID]/[dashboardname]?kiosk
3 Likes

Hi Quentin,

this works really great - thank you!

The controller and panel are part of a local application without a NAT, an insecure connection is ok in this case.

Thank’s a lot!

1 Like