deployment: Add rule to allow iframe

openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default.conf

@@ -1,3 +1,5 @@
+{xframe_options}
+
 {app_upstream}
 
 upstream openviduserver {

openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/xframe_sameorigin.conf

@@ -0,0 +1 @@
+add_header X-Frame-Options SAMEORIGIN;

openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf

@@ -1,4 +1,5 @@
-add_header X-Frame-Options SAMEORIGIN;
+{xframe_options}
+
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
 

openvidu-server/docker/openvidu-proxy/entrypoint.sh

@@ -47,6 +47,7 @@ CERTIFICATES_CONF="${CERTIFICATES_LIVE_FOLDER}/certificates.conf"
 [ -z "${PUBLIC_IP}" ] && export PUBLIC_IP=auto-ipv4
 [ -z "${ALLOWED_ACCESS_TO_DASHBOARD}" ] && export ALLOWED_ACCESS_TO_DASHBOARD=all
 [ -z "${ALLOWED_ACCESS_TO_RESTAPI}" ] && export ALLOWED_ACCESS_TO_RESTAPI=all
+[ -z "${XFRAME_SAMEORIGIN}" ] && export XFRAME_SAMEORIGIN=false
 
 # Show input enviroment variables
 printf "\n  ======================================="
@@ -228,6 +229,12 @@ elif [[ "${WITH_APP}" == "false" ]]; then
   sed -e '/{app_config}/{r default_nginx_conf/global/app_config_default.conf' -e 'd}' -i /etc/nginx/conf.d/*
 fi
 
+if [[ "${XFRAME_SAMEORIGIN}" == "true" ]]; then
+  sed -e '/{xframe_options}/{r default_nginx_conf/global/xframe_sameorigin.conf' -e 'd}' -i /etc/nginx/conf.d/*
+elif [[ "${XFRAME_SAMEORIGIN}" == "false" ]]; then
+  sed -i '/{xframe_options}/d' /etc/nginx/conf.d/*
+fi
+
 if [[ "${SUPPORT_DEPRECATED_API}" == "true" ]]; then
   sed -e '/{deprecated_api_ce}/{r default_nginx_conf/global/ce/deprecated_api_ce.conf' -e 'd}' -i /etc/nginx/conf.d/*
   sed -e '/{deprecated_api_pro}/{r default_nginx_conf/global/pro/deprecated_api_pro.conf' -e 'd}' -i /etc/nginx/conf.d/*