Fixing “Refused to Connect” Error

48 views
  1. Home
  2. /
  3. Support
  4. /
  5. Fixing “Refused to Connect”...

When embedding websites into your meetings, you may come across the error: “Source Refused to Connect.” What this error means is that the source website or web app (the one you’re trying to embed) does not have our website’s URL in their Content Security Policy (CSP). If you have access to the website’s htaccess configuration file, you can whitelist Etho to allow it to embed it into your meetings. Here’s how.

Prerequisites

In order for this to work at all, there are two prerequisites.

  1. The source URL must have a valid SSL/TLS (HTTPS) and be served over that secure connection.
  2. You have to have access to the source website’s configuration file.

Apache – Add Etho to Content Security Policy Header

In Apache, there is just one line you need to add to the source website’s .htaccess file in order to whitelist the web application to display the source URL in an iFrame embedded in your meeting.

  1. Connect to the source website’s files
  2. In the root directory, locate the hidden configuration file, .htaccess (usually in /public_html/)
  3. Save a backup of that file
  4. Add the following line of code OUTSIDE of any automatically-generated code in that file.

Header add Content-Security-Policy "frame-ancestors https://*.securedb.io;"

You may see things like # php -- BEGIN cPanel-generated handler, do not edit or # BEGIN WordPress in that file. Be sure to add this line OUTSIDE of the beginning and ending of those auto-generated lines. Otherwise, it may get overwritten.

Refresh your website in a fresh browsing tab. If everything works well there, return to your meeting and try to embed the source site again.

Nginx – Add LoopSpire to CSP Header

If you’re using Nginx, you’ll need to find the configuration file. By default you’ll find it in /usr/local/nginx/conf , /etc/nginx , or /usr/local/etc/nginx. 

Inside that file, locate the “server{}” block and add the following.
NOTE: Nginx requires these directives to end in a semicolon. That’s why you see two of them at the end.

add_header Content-Security-Policy "frame-ancestors 'https://*.securedb.io';";

Restart your server, if required, and test if it’s working. Then, return to your meeting and try to embed the source site again.