Embedding Operavix Dashboards
Operavix dashboards can be embedded into external systems using the HTML <iframe> element.
Embedding via iframe is used when you need to display a dashboard inside another web system—such as a CRM or corporate portal—and open it directly with predefined parameters, without navigating to the Operavix interface.
Viewing dashboards requires an active user session in Operavix. When embedding via iframe, content is displayed only if a valid user session exists. Anonymous access to dashboards is not supported.
Enabling iframe Support
To allow Operavix dashboards to be displayed in external systems, enable <iframe> support in the system configuration.
- Before enabling
iframe, coordinate this decision with your information security team, as it may introduce additional security risks:- Cross-Site Scripting (XSS)
- Clickjacking
- Phishing via
iframe - Cross-Frame Scripting (XFS)
- Malicious content injection
- Loading of insecure resources
- User trust control issues
- Data leakage and privacy violations
Add the support_iframe parameter to the configuration file com.operavix.subsystem.frontend.json:
{
"support_iframe": true
}
After modifying the configuration, the server must be restarted.
Embedding a Dashboard on a Web Page
Once iframe support is enabled, the dashboard can be embedded into any external web page using the standard HTML <iframe> element:
<iframe
src="https://site.com/im/report/5673/publish?frame=true&filters=%5B%7B%22type%22%3A%22formula%22%2C%22format%22%3A%22STRING%22%7D%5D"
width="100%"
height="600"
frameborder="0"
allowfullscreen
></iframe>
| Attribute | Description |
|---|---|
src | Dashboard URL Can be copied from the browser address bar when the dashboard is open Must include the frame=true parameter |
width | iframe width |
height | iframe height |
frameborder="0" | Removes the border around the embedded dashboard |
allowfullscreen | Enables full-screen mode |
Dashboard Display Parameters
When embedding a dashboard, you can pass URL parameters that affect its appearance—for example:
https://site.com/im/report/123/publish?frame=true&filters=[{"type":"formula","format":"STRING"}]
| Parameter | Description |
|---|---|
frame | Controls the visibility of the navigation bar and other UI controls when embedding the dashboard. If the value is true, the navigation bar and auxiliary controls are hidden; if false, they are displayed. |
filters | Allows passing pre-configured filters via the URL. The value must be a valid JSON string and properly URL-encoded (e.g., using encodeURIComponent). |
Additional parameters (e.g., dashboard variables or BI input values) are supported depending on the dashboard configuration.
Requirements and Restrictions on the External Site
If the external site where you embed the iframe enforces a Content Security Policy (CSP), you must explicitly allow loading iframe content from the Operavix domain. Otherwise, the browser will block the embedding—even if Operavix is configured correctly.
Example CSP configuration:
Content-Security-Policy: frame-src https://site.com;
Where site.com is the domain of your Operavix installation.
It is also recommended to use the sandbox attribute in the <iframe> to restrict the capabilities of the embedded content.
Example:
<iframe
src="https://site.com/im/report/5673/publish?frame=true&filters=%5B%7B%22type%22%3A%22formula%22%2C%22format%22%3A%22STRING%22%7D%5D"
width="100%"
height="600"
frameborder="0"
allowfullscreen
sandbox="allow-same-origin allow-scripts allow-forms"
></iframe>
Was the article helpful?