Etherpad when using iFrame API

Is there anyway to get etherpad to work when using the iFrame API for Jitsi? Currently it throws this error-

Error: Blocked a frame with origin “” from accessing a cross-origin frame.

From what I can find this is not an easy problem to overcome without disabling the security feature in Chrome. Etherpad works fine as long as the room is built without the iFrame.
Thank you.

Hi @bababooey,

I had a similar problem like you. If you’re using the iFrame API the domain where you host ether pad have to be equal to your Jitsi server. Check the following:

  1. Jitsi and your ether pad running on the same server

  2. get the port your etherpad uses (running on same domain but different ports is also a cross origin scenario.

  3. go to Nginx (etc/nginx/avaible-sites/ settings and add a new location, like this one:

    location = /etherpad {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection “upgrade”;
    proxy_set_header Host $http_host;
    tcp_nodelay on;

Now you can access your server with
Nginx will automatically reference you to

I believe the issue we are having is because our iFrame is not on the same domain as Etherpad and Jitsi. Etherpad and jitsi are on the same domain and both work. I have tried the CSP settings for the ep_helmet plugin but chrome (also firefox and edge) still seems to ignore them and blocks the traffic.
Pretty sure the issue is browser blocking cross-origin traffic on the iframes and from what i can find it can’t be overcome without everything being on the same domain, port and protocol. If I disable chrome web-security it works fine as well but that’s a big security risk.
Thank you,

When your running your own instance of Jitsi, you can simply host your website (where the iframe is embedded) on the same server.

I understand. The issue isn’t the server necessarily, it’s the domain name. If it’s not an exact match in the iframe, browsers will block it. We use different domain names for the iFrame sites. There is a JS solution using postMessage API that we might explore.

Isn’t a multi-domain configuration a smarter solution? You just have to add a few lines to Nginx.
In addition to my last commit this could handle one jitsi instance accessible with multiple domains.

Here multi domain is described:

My original goal here was to get etherpad on it’s own server, that’s how I started down this road. You did give me an idea though, you could setup an nginx proxy in front of all 3 servers and it would solve the problem. ie every domain could have it’s own location to the same etherpad server and not violate the cross origin rules. -> ->

@bababooey @comjs I’m getting same error. I’m getting cross origin error with or without iframe.
Can you please help?