-
Notifications
You must be signed in to change notification settings - Fork 52
Add jitsi admin to an allowed frame ancestor
holema edited this page Mar 23, 2022
·
1 revision
When hardening your jitsi-meet server you can set the frame-ancestor and disallow CORS. To fix this issue add the following lines to your nginx config.
#/etc/nginx/sites-available/<jitsi-domain.conf>
server:{
listen :443
add_header Access-Control-Allow-Origin https://jitsi-admin.de https://<meet.domain.org>;
add_header Content-Security-Policy "default-src 'self'; connect-src *; font-src 'self' data:; frame-src *; frame-ancestors jitsi-admin.de <meet.domain.org> file://*; img-src * data:; media-src * data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'" always;
.....
}