I used to be able to embed Home Assistant into another webpage, in my case Nextcloud via the external sites plugin. Basically I could run Home Assistant in an iframe. I can no longer do this and I get an error: Blocked a frame with origin “https://ha.example.com” from accessing a cross-origin frame.
Is there any way to configure Home Assistant to allow cross origin frames? I already have my Home Assistant behind an Apache proxy, so that is working fine.
I actually figured it out in my case. In my situation I have an Apache proxy for HA setup as an Apache virtual host, and in that host I specify a content security policy. So I use something like this:
I’m not entirely sure if all those settings are actually necessary, but I set it up that way so that no matter what way you view the page it should still work. These values work for me and I have my HA embedded in Nextcloud via external sites again.
For the users on research for solutions: I found something, but it has quite some limits due to security (or lack thereof).
The following post below, along with kiosk-mode (HACS frontend), should allow you to embed dashboards in pages.
One major problem with this is that the login is bypassed for IP addresses, and makes for a big security hole in something public-facing. If anything, this is more useful as a source in Larix Broadcaster or OBS Studio.
If anyone does go ahead with this, the USER ID IS NOT YOUR USERNAME. Go to: Settings > People > Users (up top) > [target user]
You should now see the ID needed. Putting the username in user_id1 will cause your instance to kick into safe mode.
Basically just replace all occurrences 192.168.8.22 (leaving the /32 alone) with the IP address of the device you’re using to view the page, and user_id1 with the ID I mentioned above this quote. Then stick it in your configuration.yaml and bob’s your uncle(?). This might need a restart if a YAML refresh doesn’t do it. I have no idea how that saying works…