feat: support Jitsi instances that set x-frame-options and frame-ancestors CSP (#798)

While in browser environments the headers are sensible, the only purpose
of the electron app is to load jitsi in the iframe api. This also is how the mobile apps behave (they also ignore the framing headers)

Fixes: #285
csett86 authored Oct 14, 2022
1 parent f702250 commit 15092d7
Showing 2 changed files with 19 additions and 14 deletions.
14 changes: 0 additions & 14 deletions README.md
Expand Up @@ -37,20 +37,6 @@ For *macOS* user, you can install the application using the following command:
brew install --cask jitsi-meet
```

### Using it with your own Jitsi Meet installation

:warning: The following additional HTTP headers are known to break the Electron App:

```
Content-Security-Policy "frame-ancestors [looks like any value is bad]";
X-Frame-Options "DENY";
X-Frame-Options "sameorigin";
```
A working Content Security Policy looks like that:
```
Content-Security-Policy "img-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'wasm-eval'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'none';";
```

## Development

If you want to hack on this project, here is how you do it.
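Review bot: The whole "Using it with your own Jitsi Meet installation" section is deleted with nothing in its place, so the README no longer says how the app treats framing headers. Suggest keeping a short note stating that the desktop app now ignores `X-Frame-Options` and the `frame-ancestors` CSP directive on the responses it loads, so operators who set them as clickjacking protection know that browsers still enforce them while this client does not. The removed "working Content Security Policy" example lists directives other than framing; if it is still useful to self-hosters it could stay under the same heading.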
19 changes: 19 additions & 0 deletions main.js
Expand Up @@ -228,6 +228,25 @@ function createJitsiMeetWindow() {

mainWindow.webContents.setWindowOpenHandler(windowOpenHandler);

// Filter out x-frame-options and frame-ancestors CSP to allow loading jitsi via the iframe API
// Resolves https://github.com/jitsi/jitsi-meet-electron/issues/285
mainWindow.webContents.session.webRequest.onHeadersReceived((details, callback) => {
delete details.responseHeaders['x-frame-options'];

if (details.responseHeaders['content-security-policy']) {
const cspFiltered = details.responseHeaders['content-security-policy'][0]
.split(';')
.filter(x => x.indexOf('frame-ancestors') === -1)
.join(';');

details.responseHeaders['content-security-policy'] = [ cspFiltered ];
}

callback({
responseHeaders: details.responseHeaders
});
});

initPopupsConfigurationMain(mainWindow);
setupAlwaysOnTopMain(mainWindow, null, windowOpenHandler);
setupPowerMonitorMain(mainWindow);
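Review bot: In the `content-security-policy` branch only element `[0]` is read and the header is written back as `[ cspFiltered ]`, so when a response carries more than one CSP header value every policy after the first is discarded whole, not just its `frame-ancestors` directive. Suggest mapping the filter over the full array so the remaining policies survive. Further points in the same callback: the lookups use the literal lowercase keys `'x-frame-options'` and `'content-security-policy'`, which miss a header delivered as `X-Frame-Options` if the keys keep the server's casing, so compare the keys of `details.responseHeaders` case-insensitively. `onHeadersReceived` is registered without a URL filter, so the stripping applies to every response in this session and not only to the Jitsi page loaded for the iframe API; scoping it to the configured server would keep the relaxation as narrow as the comment describes. The `indexOf('frame-ancestors')` substring test also drops any other directive that happens to contain that text; comparing the trimmed directive name would be stricter.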