The default settings do not allow external sites to iframe internal MashZone NextGen assets such as dashboards, apps, etc. Specifically, "X-Frame-Options: SAMEORIGIN" and "Content-Security-Policy: frame-ancestors 'self'" are set, which instructs the browser to disallow rendering MashZone NextGen content in any external iFrame. Via configuration and re-start, we can relax this restriction.
Procedure
Open the applicationContext-security-filters.xml file in a text editor. The file is located in <MashZone NextGen installation>/apache-tomcat/webapps/[presto|mashzone]/WEB-INF/classes.
Find the <filter> entry of the HTTP Header Security Filter and uncomment the antiClickJackingUris parameter.
Replace the sample URI ' http://some-server' with the URI of the website allowed to iframe MashZone NextGen content.
Find the <filter> entry for Content-Security-Policy. Insert the URI of the website allowed to iframe MashZone NextGen content into the policy parameter, between frame-ancestors and 'self'.