How to integrate with etherpad? Not working due to error related with a cross-origin frame

Hello,

following https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy and https://github.com/jitsi/jitsi-meet/wiki/Etherpad-addition-example I am trying to integrade Etherpad Lite inside a conference room, and I’m stuck with these errors.

[JitsiMeetJS.js] <Object.getGlobalOnErrorHandler>:  UnhandledError: Uncaught SecurityError: Blocked a frame with origin "https://example.com" from accessing a cross-origin frame. Script: https://examplei.com/libs/app.bundle.min.js?v=3969 Line: 152 Column: 124306 StackTrace:  DOMException: Blocked a frame with origin "https://example.com" from accessing a cross-origin frame.
    at c (https://example.com/libs/app.bundle.min.js?v=3969:152:124306)
    at HTMLIFrameElement.t.onload (https://example.com/libs/app.bundle.min.js?v=3969:152:124944)
Uncaught DOMException: Blocked a frame with origin "https://example.com.com" from accessing a cross-origin frame.
    at c (https://example.com/libs/app.bundle.min.js?v=3969:152:124306)
    at HTMLIFrameElement.t.onload (https://example.com/libs/app.bundle.min.js?v=3969:152:124944)

The pad itself is displayed but I cannot go back to the conference by choosing Close shared document.

Any help would be appreciated.

Well apparently it’s related with the simple fact that “You can’t access an <iframe> with different origin using JavaScript, it would be a huge security flaw if you could do it.”

What I want to know it that how to tell nginx that the accessed iframe is actually sent from the same origin.

Well basically the issue is same as: https://github.com/jitsi/jitsi-meet/issues/2708

yet I am not sure how to fix that. I suspect it’s related with nginx setting though…

Normally, scripts on different pages are allowed to access each other if and only if the pages they originate from share the same protocol, port number, and host. Above error message shows that you can’t access an < iframe > with different origin using JavaScript/jQuery, it would be a huge security flaw if you could do it.

window.postMessage() provides a controlled mechanism to securely circumvent this restriction.