Problem including checkmk into external iFrame

CMK version: 2.0.0b5
OS version: Docker (checkmk/check-mk-raw:2.0.0-latest)

Explaination:

A small html website running on a raspberry pi has multiple iFrames showing different things (e.g. grafana dashboards, ticket-system, and so on). Now we’re trying to include a checkmk dashboard.

We created this url:
https://checkmk.our-domain.de/cmk/check_mk/login.py?_username=raspberry&_password=xxxx&_login=1&_origtarget=/cmk/check_mk/dashboard.py%3Fname=networkapswitche
“networkapswitche” is the name of the dashboard we created.

(And by the way, the documentation misleading here. You can’t have the ? character twice inside a url, so each further ? character must be escaped as %3F) the example in documentation is wrong

Error message: (Chrome Console)
Unsafe attempt to initiate navigation for frame with origin 'https://raspberry.our-domain.de' from frame with URL 'https://checkmk.our-domain.de/cmk/check_mk/login.py?_origtarget=dashboard.py%3Fname%3Dnetworkapswitche'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/feature/5851021045661696.

The problem is the part attempt to initiate navigation and navigation is targeting its top-level window. This is also called framebusting when an embedded site is trying to redirect the top-level window to another URL.

Conclusion:
It’s not a problem which can be solved with a Content-Security-Policy header or anything else, because even if the browser allows the checkmk initiated top-level navigation, it will burst our iFrame so that all other iFrames on the Raspberry html site are lost.

How is the login-redirect done? Can it be changed, so that it wouldn’t burst the iFrame? How do you include a checkmk inside a iFrame?