1

I am using a custom BBB installation for use in my Angular app. I am calling the join request in an iframe with redirect set to true. Everything was working fine with BBB 2.0, but after I updated it to 2.2, I am getting an error 401 Unauthorised due to missing credentials.

However, if I make the same request in a new tab, it loads the meeting.

There is another weird behaviour. It works fine even in an iframe on Chrome in Mac.

What changed with 2.2? How do I fix this?

2 Answers

1

To make it work, I added

 allowRequestsWithoutSession=true

in /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties (then remember to restart BBB with bbb-conf --restart)

Then I used this iframe to enable all features (screen sharing, full screen...)

 <IFRAME allow="geolocation *; microphone *; camera *; display-capture *;" allowFullScreen="true" webkitallowfullscreen="true" mozallowfullscreen="true" sandbox="allow-same-origin allow-scripts allow-modals allow-forms" style='width:100%;height:100%;border:0' scrolling="no"></IFRAME>

Note: the page with the iframe must be on an HTTPS website, otherwise you'll get only a dark blue empty screen.

Niente0
0

Do you happen to be using Chromium, Chrome or any Chromium-based browser?

I believe this is related to Google rolling out the Same-Site-By-Default (anti?-)feature to a fraction of their users. I can reproduce your issues by enabling that feature. I believe you won't experience these issues anymore if you visit chrome://flags/ and set "SameSite by default cookies" to Disabled.

If that helps, then you'll have to make sure BBB sends the correct Set-Cookie headers in order to solve the problem for other Chrome browsers with "SameSite by default cookies" enabled. Adding SameSite=none to the Set-Cookie header should work.

Probably the easiest way to solve this would be to run the website containing the iframe and the bbb instance on the same site. This post explains which two domains qualify as "same site".

Gamification
  • Disabling SameSite by default worked but now I need to modify the cookie being sent by BBB, since I can't expect every user to apply this fix for their browsers. Combing through the code base, no luck so far. – Pratyush Shrivastav Aug 11 '20 at 11:26
  • Alternatively, you can make sure to run bbb and your app on the same site. Same site is when their URLs have the same second-level domain – provided that the 2ld is not on the [public suffix list](https://publicsuffix.org/) – Gamification Aug 12 '20 at 09:04
  • 1
    You tag the cookie in the html5 nginx conf file inside location /html5..... like proxy_cookie_path / "/; secure; HttpOnly; SameSite=none"; – Nigel Savage Oct 05 '20 at 22:53
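
An added example, not part of the original thread or of BBB's code: a small Node.js check that classifies `Set-Cookie` header values by whether a browser enforcing "SameSite by default" would attach the cookie to requests from a cross-site iframe. The cookie name `JSESSIONID` and all header values are constructed samples; the third one is what a header with `Path=/` looks like after the `proxy_cookie_path` rewrite quoted in the comment above.

```javascript
// Parse one Set-Cookie header value into { name, attrs }.
// Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map to true.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf('=');
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  const attrs = {};
  for (const part of parts.slice(1)) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name, attrs };
}

// Decide whether the cookie would be sent with requests made from an iframe
// embedded on a different site, under "SameSite by default" enforcement.
function crossSiteIframeVerdict(header) {
  const { name, attrs } = parseSetCookie(header);
  const sameSite = typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : null;
  const secure = attrs.secure === true;
  if (sameSite === null) return { name, sent: false, reason: 'no SameSite attribute, treated as Lax' };
  if (sameSite !== 'none') return { name, sent: false, reason: `SameSite=${sameSite} blocks cross-site iframe requests` };
  if (!secure) return { name, sent: false, reason: 'SameSite=None without Secure is rejected' };
  return { name, sent: true, reason: 'SameSite=None with Secure' };
}

// Constructed samples: no SameSite attribute, SameSite=None without Secure,
// and the header after the proxy_cookie_path rewrite.
const samples = [
  'JSESSIONID=abc123; Path=/; HttpOnly',
  'JSESSIONID=abc123; Path=/; SameSite=None',
  'JSESSIONID=abc123; Path=/; secure; HttpOnly; SameSite=none',
];

function report(headers) {
  return headers.map((h) => crossSiteIframeVerdict(h));
}

for (const v of report(samples)) {
  console.log(`${v.name}: ${v.sent ? 'sent' : 'NOT sent'} (${v.reason})`);
}
```

Feeding it the `Set-Cookie` values seen in the browser's network panel for the join request shows which cookies still lack the attributes needed inside the iframe.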