einhirn
commented
4 years ago Related to #16972 and #16553
Open einhirn opened 4 years ago
einhirn
commented
4 years ago Related to #16972 and #16553
bbrauns
commented
4 years ago Thank you for reporting this, we have the same issue.
jsalatiel
commented
4 years ago Same issue here.
einhirn
commented
4 years ago Please just use "Thumbs up" reaction on an existing comment instead of flooding this Issue with "me too" comments. You can also push the "subscribe" button to subscribe without having left a comment.
slater0013
commented
4 years ago Hello @einhirn could you please detail where and how you deployed your workaround solution ? Thanks ;)
einhirn
commented
4 years ago Take a look at this:
#location block of the rocket chat proxy in nginx {
# Disable Gzip-Compression coming from the Rocket-Chat-Servers so we can search and replace.
proxy_set_header Accept-Encoding "";
sub_filter_last_modified off;
sub_filter_once on;
sub_filter_types *; # text/javascript or something like that would probably suffice.
sub_filter 'allowfullscreen:"true",webkitallowfullscreen:"true",mozallowfullscreen:"true",allow:"geolocation; microphone; camera"' 'allowfullscreen:"true",webkitallowfullscreen:"true",mozallowfullscreen:"true",allow:"geolocation; microphone https://bbb-node1.domain https://bbb-node2.domain https://bbb-node3.domain; camera https://bbb-node1.domain https://bbb-node2.domain https://bbb-node3.domain; display-capture https://bbb-node1.domain https://bbb-node2.domain https://bbb-node3.domain;"';
# } # location block proxy end
gzip on;
gzip_types text/plain text/css text/javascript
gzip_proxied no-cache no-store private expired auth;This is just an idea I was able to implement - please don't demand help from me if it doesn't work for you. I just clobbered that together from what I gathered in nginx docs and other ressources I googled - please double check that it won't harm your server!
You can check the success and/or debug by "Inspect Element"ing (Firefox integrated Web-Developer Tools) the BBB-Iframe and looking at it's definition...
bbrauns
commented
4 years ago Please add an "always open in new window" option to mitigate permission problems caused by the iframe integration
github-actions[bot]
commented
4 years ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
einhirn
commented
4 years ago This issue is still unresolved.
blaniel
commented
4 years ago Hello @einhirn (and everyone),
We are only planning on using BBB integration so I can't be categorical but adding an HTTP header in the nginx location block may do the trick and should be less prone to side effects.
add_header Feature-Policy "microphone https://bbb-node1.domain https://bbb-node2.domain https://bbb-node3.domain; camera https://bbb-node1.domain https://bbb-node2.domain https://bbb-node3.domain; display-capture https://bbb-node1.domain https://bbb-node2.domain https://bbb-node3.domain;";
(I don't know why we should use geolocation permission for BBB, unless I'm missing something)
einhirn
commented
4 years ago I think that I tried that before without success, but YMMV...
The proper solution would be to just open BBB in a new tab/window.
Description:
When integrating a load balanced BBB server (set up using https://github.com/blindsidenetworks/scalelite), a meeting opened via RocketChat fails to get access to microphone, camera etc.
This is because the Scalelite loadbalancer work by redirecting the API call to the least loaded BBB Server in the pool, thus changing the URL/Origin and breaking the FeaturePolicy set up for the iFrame used.
Steps to reproduce:
When you open the iFrame in a new window you can verify that BBB works as expected.
Expected behavior:
The meeting should be able to access the microphone etc. Feature request: The meeting should open in a new Tab/Window, then the problem wouldn't exist.
Actual behavior:
The meeting cant access the microphone and displays a matching error message:
The user needs to jump through hoops to open the iFrame in a new Tab to get a working meeting.
Server Setup Information:
Client Setup Information
Desktop App or Browser Version: Firefox 74.0 (64-bit), Chrome 80.0.3987.149 (Official Build) (64-bit)
Operating System: Win10 1709 Edu
Additional context
See https://github.com/blindsidenetworks/scalelite for how the loadbalancer works.
Our BBB Setup uses https://webconf.domain as API server, this is what is used for RC integration. Scalelite in turn hands the API call on to the least loaded server, in this case (see Browser log below) https://bbb-node2.domain
See the following about the "allow"-Tag in the iFrame. https://developer.mozilla.org/en-US/docs/Web/HTTP/Feature_Policy https://developer.mozilla.org/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy
Relevant logs:
Inspect show following iFrame definition:
Browser Console logs something along this:
Server logs doesn't show any error.
Workaround:
Use nginx Substitution module to modify JS code on the fly. But even when the patched code appears in Inspect, Firefox fails to allow access to the microphone, while Chrome works as expected...
I use this method to replace the "allow" tag in the iframe definition to look like this:
(yes I didn't care about geolocation. But I added display capture)...