Hi everyone,
I want to embed charts and maps in my another site. How we can use this features ?
3 Likes
Hi
Have you checked out the user manual?
Regards
Calle
3 Likes
Still not get any solution
3 Likes
Hi Parveen,
As it is mentioned in this post, dhis2-cdn.org is not working. you should download that chart.js file from the instance you are getting the chart from (e.g. https://play.dhis2.org/2.30/dhis-web-visualizer/chart.js) as It couldn’t be referenced directly from the script tag (security issues).
and one last thing you need to make sure of, is check if your browser web security is disabled else it will block you from accessing dhis2 resources.
5 Likes
Hello @Panchal
If you’re referring to portal use case as in https://play.dhis2.org/portal/
There’s a bit of challenges with former plugins due to changes in format of returned analytics api results, which don’t conform exactly to structure is expected.
We tried to develop simplified public portal, which essentially allows you to expose few dashboards that you may want public, in which you can create an account with limited privileges and give it access to those dashboard. and public portal can use that account to publish the dashboard you’ve curated for public use.
The public web portal can be found here:
https://play.dhis2.org/appstore/app/J9yml33NsRL
5 Likes
I recently documented my experience in troubleshooting this frustrating issue on JIRA. The documentation is entirely wrong and it would save other developers/implementers/users a lot of time and headache if it was just removed or updated.
https://jira.dhis2.org/browse/DHIS2-7130
EDIT: I have resolved my issue and have succesffuly embedded some test charts. Feel free to contact me if you need assistance.
3 Likes
Hi Chase
I hate to be the party pooper, but I think you will need to edit that post with some sort of very prominent health warning. It feels look a nice hack, but is in fact quite dangerous and we don’t want to recommend people do what you are suggesting.
Exposing the DHIS2 credentials in the way that you do in the browser is potentially very dangerous. (Particularly the example of admin:district is not a good one to use for a learning example).
If you use a less-privileged user it is better, but still should not be done on a production system. Exposing any user credentials (even a guest user) opens up an attack area on the application which is not available to unauthenticated users. There are good reasons why you wouldn’t want to do this with DHIS2.
Currently I think the only reasonable way to do what you are trying to do, would be to configure a rule on your proxy server to make certain URLs you want to make public available for non-authenticated users (by allowing the proxy to apply the credentials so they are never seen in the browser).
Conceivably you could do something similar to what you are suggesting on a separate DHIS2 server which was set up for the sole purpose of serving analytics - ie with data “published” from a production server.
But definitely we do not want to give the impression that providing public access via portal like this is a recommended thing to do at all on a production server. Please digest and consider removing your post or slapping a heavy health warning on it.
Regards
Bob
1 Like
I’m happy to remove it. I never intended to use it in production and should have stated that it was merely an exercise in getting embedded charts working. Will they be supported again in the future?
Sorry Chase. I really feel like the bad cop here 
Will try and get some time early next week to work together with you to create some advice around this.
1 Like
No worries—I think you’re absolutely right! To be honest I haven’t looked at that issue in a year or so and lazily posted my own notes. However, if I remember correctly the whole thing started because of confusing documentation, unsupported features, and a broken CDN.
If the community wants to embed visualizations publicly perhaps we can revisit this in a way that is secure and fits recent developments. I don’t know what this looks like but am happy to work with the CoP on JIRA.
Thanks for getting this information out Bob!
I also strongly advice against using this on a server containing sensitive information.
This should only be used on a server containing only public data.
1 Like
@bobj & @netroms – I’m revisiting this topic of embedding visualizations on a third party site.
I understand that the key concern is the security of PII or potential PII being exposed publicly or through bad actors.
For non-sensitive data though, would it suffice to use the following approach to embed visualizations via third party:
- Configure an oAuth client on DHIS2 instance
- Authenticate against DHIS2 on third party site
- Use time-limited bearer tokens for all visualization/embed requests
- Always use SSL
- Always use bear tokens in request headers, not body/params
Alternatively, (and I’m not as familiar with this implementation) would it be better to use OpenID Connect as the auth layer?