update Content-Security-Policy header for chromium

YunoHost-Apps / jitsi_ynh

Video conference for YunoHost

https://jitsi.org/

Apache License 2.0

21 stars 18 forks source link

update Content-Security-Policy header for chromium #114

Closed aya closed 1 year ago

aya commented 1 year ago

fixes #113.

Problem

Video fails to start on chromium because of Content Security Policy directive.

Solution

I added a "frame-ancestors 'self'" to the CSP header in the nginx.conf of jitsi, and updated the /etc/nginx/conf.d/security.conf.inc file to add a "worker-src 'self' blob:" in the CSP headers too.

PR Status

Proposal.

Tagadda commented 1 year ago

Have you tested this yourself ? I don't have a running Jisti instance running to try this right now.

aya commented 1 year ago

Have you tested this yourself ?

Yes.