Restrict access to websocket from cross_domains

I use JitsiMeet version 2.0.5390-3 with prosody 0.11.2-1 on a debian 10 VPS. I use xmpp-websocket for communicating between server and client. and I use lib-jitsi-meet to implement my own frontend for jitsi.
as pointed here, I have set this option in

cross_domain_websocket =true;

and every instance of my frontend running on every hostname can access and connect to the meeting, but I don’t wan’t that to happen. Is there a way to only allow users on specefic hostnames(e.g if jitsi is installed on, users on and to connect to server and restrict the access for other hostnames?

Thanks in advance. :slight_smile:

You can do that I think in your webserver:

In the bosh definition you can do add_header ‘Access-Control-Allow-Origin’ ‘’; and I think you can add several domains with a comma (check the syntax of that header)…