Etherpad isn't working with docker-jitsi setup

metadata · December 28, 2020, 8:30am

I’m trying to setup etherpad using docker-compose on my local machine but I’m getting error UnhandledError: Uncaught SecurityError: Blocked a frame with origin “https://localhost:8443” from accessing a cross-origin frame. I’m using AUTH_TYPE=jwt

Below is the screenshot

jitsi-meet.cfg.lua file

admins = {
    "focus@auth.meet.jitsi",
    "jvb1@auth.meet.jitsi"
}

plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" }
http_default_host = "meet.jitsi"
muc_mapper_domain_prefix = "muc"
muc_mapper_domain_base = "meet.jitsi"












asap_accepted_issuers = { "my_web_client","my_app_client" }



asap_accepted_audiences = { "myserver1","myserver2" }


consider_bosh_secure = true;

-- Deprecated in 0.12
-- https://github.com/bjc/prosody/commit/26542811eafd9c708a130272d7b7de77b92712de



cross_domain_websocket = true
cross_domain_bosh = true


VirtualHost "meet.jitsi"


    authentication = "token"
    app_id = "E1B40"
    app_secret = "21D40CD42CCA9BE6B8932855781FC840"
    allow_empty_token = false




    ssl = {
        key = "/config/certs/meet.jitsi.key";
        certificate = "/config/certs/meet.jitsi.crt";
    }
    modules_enabled = {

        "websocket";
        "smacks"; -- XEP-0198: Stream Management

        "bosh";
        "pubsub";
        "ping";
        "speakerstats";
        "conference_duration";




    }



    speakerstats_component = "speakerstats.meet.jitsi"
    conference_duration_component = "conferenceduration.meet.jitsi"

    c2s_require_encryption = false



VirtualHost "auth.meet.jitsi"
    ssl = {
        key = "/config/certs/auth.meet.jitsi.key";
        certificate = "/config/certs/auth.meet.jitsi.crt";
    }
    authentication = "internal_hashed"


VirtualHost "recorder.meet.jitsi"
    modules_enabled = {
      "ping";
    }
    authentication = "internal_hashed"


Component "internal-muc.meet.jitsi" "muc"
    storage = "memory"
    modules_enabled = {
        "ping";

    }
    muc_room_locking = false
    muc_room_default_public_jids = true

Component "muc.meet.jitsi" "muc"
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";


        "token_verification";



        "muc_domain_mapper";

    }
    muc_room_cache_size = 1000
    muc_room_locking = false
    muc_room_default_public_jids = true

Component "focus.meet.jitsi"
    component_secret = "adda1154f24155a041bf2083e9e49978"

Component "speakerstats.meet.jitsi" "speakerstats_component"
    muc_component = "muc.meet.jitsi"

Component "conferenceduration.meet.jitsi" "conference_duration_component"
    muc_component = "muc.meet.jitsi"

etherpad

version: '3'

services:
    # Etherpad: real-time collaborative document editing
    etherpad:
        image: etherpad/etherpad:1.8.6
        restart: ${RESTART_POLICY}
        # ports:
        #   - "9001:9001"
        environment:
            - TITLE="${ETHERPAD_TITLE}"
            - DEFAULT_PAD_TEXT="${ETHERPAD_DEFAULT_PAD_TEXT}"
            - SKIN_NAME="${ETHERPAD_SKIN_NAME}"
            - SKIN_VARIANTS="${ETHERPAD_SKIN_VARIANTS}"
            - DEFAULT_PAD_TEXT="Welcome"
            - PAD_OPTIONS_NO_COLORS=false
            - PAD_OPTIONS_SHOW_CONTROLS=true

        networks:
            meet.jitsi:
                aliases:
                    - etherpad.meet.jitsi

networks:
  meet.jitsi:
    external: true

etherpad specific config in docker-compose.yml file

- ETHERPAD_PUBLIC_URL
- ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001

comjs · December 28, 2020, 1:07pm

Hi, what domain did you enter in your browser?
Mixing up 127.0.0.1 and localhost can also cause cross domain errors

metadata · December 29, 2020, 1:32am

I’m using https://localhost:8443 and also changed ETHERPAD_URL_BASE=https://localhost:8443 but still it is not working.

I also tried it on production env. getting same error.
Jitsi setup domain: meet.example.com
PUBLIC_URL: https://meet.example.com
ETHERPAD_URL_BASE: https://meet.example.com

iFrame url : test.example.com

etherpad config in meet.conf

# Etherpad-lite
location /etherpad/ {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;

    proxy_pass {{ .Env.ETHERPAD_URL_BASE }}/;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_buffering off;
    proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
}

jan1201 · February 2, 2021, 5:40pm

Hi,
not sure if this problem still exists.
I am getting an iFrame-issue as well and solved it in the way that I set up a reverse proxy (nginx) where /etherpad/ routed to 127.0.0.1:9001.
Etherpad is than available from outside with the same domain as the Jitsi-Server.

As I still got the issue with the cross-origin frame I have found out that there is an option in the SSL Policy which can be activated in NGinx:
add-header Content-Security-Policy “frame-ancestors your.domain;”;

This policy allows the mentioned websites to embed the page.

This solves my problem and Etherpad is now working embedded in Jitsi.

Best regards,

Jan