Restrict access to websocket from cross_domains

Hi,
I use JitsiMeet version 2.0.5390-3 with prosody 0.11.2-1 on a debian 10 VPS. I use xmpp-websocket for communicating between server and client. and I use lib-jitsi-meet to implement my own frontend for jitsi.
as pointed here, I have set this option in example.com.cfg.lua:

cross_domain_websocket =true;

and every instance of my frontend running on every hostname can access and connect to the meeting, but I don’t wan’t that to happen. Is there a way to only allow users on specefic hostnames(e.g if jitsi is installed on jitsi.example.com, users on example.com and jitsi.example.com) to connect to server and restrict the access for other hostnames?

Thanks in advance. :slight_smile:

You can do that I think in your webserver:

In the bosh definition you can do add_header ‘Access-Control-Allow-Origin’ ‘somedomain.com’; and I think you can add several domains with a comma (check the syntax of that header)…