
I'm running a Matrix Synapse instance with OpenID Keycloak, and as web client I use Riot. I receive "has refused to connect" with: "Refused to frame 'https://matrix.domain.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".

However, I have no problem connecting to it through Riot; I get the error when I display Riot in an iframe and try to log in. All the websites are of the same domain wildcard.

My nginx config on matrix.instance.com is

```nginx
server {
    server_name matrix.domain.com;
    root /var/www/matrix.domain.com;
    index index.html;
    #add_header 'Access-Control-Allow-Origin' '*';
    add_header Content-Security-Policy "frame-ancestors https://website1.domain.com https://website2.domain.com>
    location / {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_pass http://localhost:8008;
    }
```


1 Answer


I have found the solution: matrix-synapse throws the flag from this directory: `/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/http/server.py`

The flag is declared within this file, hence giving you issues when reverse proxying Synapse.

  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Feb 09 '22 at 17:34
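An added example, not part of the original question or answer and not Synapse or nginx code: a browser enforces every `Content-Security-Policy` header it receives, so the `add_header` in the question adds a second policy next to the one Synapse sends instead of replacing it. The sketch below models that rule for `frame-ancestors` only; source matching is simplified, and the embedding origin and the function names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Constructed from the question: the policy named in the browser error, and the
# two sources still visible in the truncated add_header line.
SYNAPSE_CSP = "frame-ancestors 'none'"
NGINX_CSP = "frame-ancestors https://website1.domain.com https://website2.domain.com"
FRAMED = "https://matrix.domain.com"

def frame_ancestors(policy):
    """Return the frame-ancestors source list of one policy, or None if absent."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None

def source_matches(source, ancestor, self_origin):
    """Simplified match of one source expression against an ancestor origin."""
    if source == "*":
        return True
    if source.startswith("'"):  # keywords: 'self' matches own origin, 'none' nothing
        return source.lower() == "'self'" and ancestor == self_origin
    a = urlsplit(ancestor)
    s = urlsplit(source if "://" in source else f"{a.scheme}://{source}")
    if s.scheme != a.scheme or (s.port or a.port) != a.port:
        return False
    if s.hostname.startswith("*."):
        return a.hostname.endswith(s.hostname[1:])
    return s.hostname == a.hostname

def may_be_framed(csp_headers, ancestors, self_origin=FRAMED):
    """True only if every policy that has frame-ancestors allows every ancestor."""
    for header in csp_headers:
        for policy in header.split(","):  # comma-joined values hold several policies
            sources = frame_ancestors(policy)
            if sources is None:
                continue  # this policy places no restriction on framing
            for ancestor in ancestors:
                if not any(source_matches(s, ancestor, self_origin) for s in sources):
                    return False
    return True

if __name__ == "__main__":
    parent = ["https://website1.domain.com"]  # constructed embedding page
    print("both headers:", may_be_framed([SYNAPSE_CSP, NGINX_CSP], parent))
    print("proxy header only:", may_be_framed([NGINX_CSP], parent))
```

To make the proxy's policy the only one the browser sees, nginx has `proxy_hide_header Content-Security-Policy;`, which stops the upstream header from being passed on, so the allowlist can be kept in the proxy configuration without editing `server.py`.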