First, THANK YOU in advance to anyone who can assist me. I’m going crazy over this.
It’s my first time creating a Zoom app and I’m trying to access the zm-client.js script within my VUEjs Index page.
I keep getting a 403 error in the console -
GET ZOOM US DOMAIN/zapps/0.16.0/zm-client.js net::ERR_ABORTED 403 (Blocked)
ZoomService.js:7
- I’m loading the app only within Zoom.
- I have my domain in my Domain Allow List, although it does say “This domain requires review. Briefly explain your reason for using it.”. (I have a description entered, although I’m getting conflicting reports on whether or not this is needed just for Development.)
- Currently, the domain I’m using is for an NGROK paid account
- I do not get any OWASP header errors for my homepage URL value.
Here’s the OWASP headers I set through the command line when setting up the NGROK tunnel -
ngrok http 5173 --domain=XXXX --response-header-add=“Content-Security-Policy: default-src ‘self’; script-src ‘self’ ‘unsafe-inline’ DOMAIN LIST; style-src ‘self’ ‘unsafe-inline’; connect-src *; frame-ancestors DOMAIN LIST;” --response-header-add=“X-Frame-Options: ALLOWALL” --response-header-add=“Strict-Transport-Security: max-age=31536000; includeSubDomains” --response-header-add=“X-Content-Type-Options: nosniff” --response-header-add=“Referrer-Policy: origin”
I feel like I’m doing everything right but still get a 403 error in the console when trying to access the Zoom script in my app -
GET ZOOM US DOMAIN/zapps/0.16.0/zm-client.js net::ERR_ABORTED 403 (Blocked)
ZoomService.js:7
I have tried everything and hope someone can shine some light on this. Do I have to wait for my domain to be approved while in Development?
Thanks!