DAKboard contains functionality to embed HTTPS websites into an iframe that permits embedding. This must be hosted so that it can be accessed via the internet and will not work within a local network. This will allow you to connect content to other sources and diversify your screen.
WARNING: Embedded sites may be able to view the address of your private URL. DAKboard takes certain measures to protect against malicious code via iframe but cannot validate that the iframe site you enter is free of all security risks. Only embed websites that are trustworthy and handle data securely.
Create a Block for 'Website/iframe in your custom screen.
Enter the website to embed, a refresh interval, and size the block to a desired location and size. Please note that HTTP sites cannot be embedded, only HTTPS sites may be used.
If your HTTPS page refuses to connect a gray page with a sad face will be shown, this is due to security implemented on the hosting site's web server which can only be changed by the website administrator. DAKboard cannot in any way override this to display your page. You cannot add pages that first require you to log in to view unless you have access to your display device to authenticate to the page first as well.
To identify if the page permits embedding, open your configured DAKboard screen URL and open the developer console on your browser (F12 in Chrome for example), then refresh the page. Click the Console tab, or the red error icon in the top right to display the page errors as shown below:
The following headers will prevent access :
X-Frame-Options: SAMEORIGIN
X-Frame-Options: DENY
And this header to allow access:
X-Frame-Options: ALLOW-FROM [uri]
Content-Security-Policies (CSP) is the name of an HTTP response header that all modern browsers use for enhanced security. These are controlled by the Site owner and can prevent the embedding of a site into the DAKboard screens. For more information on CSP check out the article from https://content-security-policy.com/. This includes information to better explain why these types of sites may not embed, and how to test a site to see if it will respond with a method to block embedding.