feat: support Jitsi instances that set x-frame-options and frame-ancestors CSP (#798)

While in browser environments the headers are sensible, the only purpose
of the electron app is load jitsi in the iframe api. This also is how the mobile apps behave (they also ignore the framing headers)

Fixes: #285 

1 files changed, 19 insertions, 0 deletions

diff --git a/main.js b/main.js
index 29440ad..f97350b 100644
--- a/main.js
+++ b/main.js
@@ -228,6 +228,25 @@ function createJitsiMeetWindow() {
 
     mainWindow.webContents.setWindowOpenHandler(windowOpenHandler);
 
+    // Filter out x-frame-options and frame-ancestors CSP to allow loading jitsi via the iframe API
+    // Resolves https://github.com/jitsi/jitsi-meet-electron/issues/285
+    mainWindow.webContents.session.webRequest.onHeadersReceived((details, callback) => {
+        delete details.responseHeaders['x-frame-options'];
+
+        if (details.responseHeaders['content-security-policy']) {
+            const cspFiltered = details.responseHeaders['content-security-policy'][0]
+                .split(';')
+                .filter(x => x.indexOf('frame-ancestors') === -1)
+                .join(';');
+
+            details.responseHeaders['content-security-policy'] = [ cspFiltered ];
+        }
+
+        callback({
+            responseHeaders: details.responseHeaders
+        });
+    });
+
     initPopupsConfigurationMain(mainWindow);
     setupAlwaysOnTopMain(mainWindow, null, windowOpenHandler);
     setupPowerMonitorMain(mainWindow);