diff options
| -rw-r--r-- | README.md | 14 | ||||
| -rw-r--r-- | main.js | 19 |
2 files changed, 19 insertions, 14 deletions
@@ -37,20 +37,6 @@ For *macOS* user, you can install the application using the following command: brew install --cask jitsi-meet ``` -### Using it with your own Jitsi Meet installation - -:warning: The following additional HTTP headers are known to break the Electron App: - -``` -Content-Security-Policy "frame-ancestors [looks like any value is bad]"; -X-Frame-Options "DENY"; -X-Frame-Options "sameorigin"; -``` -A working Content Security Policy looks like that: -``` -Content-Security-Policy "img-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'wasm-eval'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'none';"; -``` - ## Development If you want to hack on this project, here is how you do it. @@ -228,6 +228,25 @@ function createJitsiMeetWindow() { mainWindow.webContents.setWindowOpenHandler(windowOpenHandler); + // Filter out x-frame-options and frame-ancestors CSP to allow loading jitsi via the iframe API + // Resolves https://github.com/jitsi/jitsi-meet-electron/issues/285 + mainWindow.webContents.session.webRequest.onHeadersReceived((details, callback) => { + delete details.responseHeaders['x-frame-options']; + + if (details.responseHeaders['content-security-policy']) { + const cspFiltered = details.responseHeaders['content-security-policy'][0] + .split(';') + .filter(x => x.indexOf('frame-ancestors') === -1) + .join(';'); + + details.responseHeaders['content-security-policy'] = [ cspFiltered ]; + } + + callback({ + responseHeaders: details.responseHeaders + }); + }); + initPopupsConfigurationMain(mainWindow); setupAlwaysOnTopMain(mainWindow, null, windowOpenHandler); setupPowerMonitorMain(mainWindow); |