How to prevent breaking out of iframed chat room


I’m working on a task where we want to provide Rocketchat as a discussion task for students in a language course. We have everything setup and working fine. We create a dummy account, log them in and join a custom created channel. All this works well and the chat looks great in our course page.

However, there are a number of ways in which a student can break out of the chat channel and land in the rocket chat main page.

  1. One such way is for them to right click in the rocketchat iframe and choose ‘Back’.

  2. Another way is when a student creates a reply to an initial comment and then when the reply is entered and the window on the right side closed the main window’s list of other chat channels appears.

It is very important to us to keep students only in the chat channel and only there. Are there steps I need to take to ensure this? If we can’t prevent this then rocketchat is useless for our purpose.

Server Setup Information

We’re always running the latest rocket chat docker image. We have an intermediate Java servlet that is the middleware that manages rocket chat and does things like create accounts and channels.

Any additional Information

We have every other setting configured to only show the chat window and nothing but the chat window, which at least on the surface seems to work.


Good question!

Do either of these help?

If not I’ll have to go and ask.

As a FYI that isn’t really a great idea - there have been a number of instances where ‘latest’ tag was not updated correctly… in production you really should use a fixed version and upgrade when you are sure it is the right thing to do.

Hoi there,

The first link you gave is what I’ve been using mostly and it’s the note at the end that’s the clincher:

Note: If you want to stop users from accessing other channels, embedded layout alone will not work, since the user could change the URL of the embedded view via browser tools. For that you should edit the user permissions so they can’t see other channels

That seems to work in the sense that users can’t access channels they shouldn’t be allowed to. But they can still bring up the total list of channels we joined them in, plus other main window features. Ideally we prevent students from getting there as well, so literally just the chat window.

(Thanks for the docker tip, that helps a lot)

Let me check - I think you can do it but not sure how technically.

Need to ask the question.