Cannot connect to websocket in Zoom App


I am trying to connect to websocket from the Zoom App.
I have added “content-src” header as written in docs and in sample app.
While trying to connect I received “URl is not valid” error and no socket connection is visible in network.

The headers I have added:

Content-Security-Policy: connect-src * 'self' wss://{WSurl}/wsconnect

The {WSurl} is proper url as I am able to connect from the browser, even from Safari.

I also added all OWASP headers from the documentation.

Is there any other headers which I should add besides the mentioned one or maybe there is another way to whitelist my websocket url ?

Double-check URL formatting:

Ensure there are no typos or extra spaces in your wss://{WSurl}/wsconnect URL.
Verify that the hostname ({WSurl}) matches the actual server you’re trying to connect to.
Use browser developer tools (e.g., Network tab) to inspect the exact URL your browser uses for successful connection and compare it to your Zoom App implementation.
2. Review content-security-policy directive:

While connect-src * generally allows all connections, it’s best practice to be specific for security reasons. Try replacing * with the exact hostname and port of your websocket server:
Content-Security-Policy: connect-src wss://{WSurl}:{port}
Replace {port} with the actual port number used by your websocket server.
3. Consider browser compatibility:

While your browser connects successfully, there might be differences in how Zoom Apps handle websockets compared to traditional browsers. Double-check if any known browser or Zoom App-specific limitations apply to websocket connections.
4. Inspect network requests:

Use Zoom App debugging tools (if available) or browser developer tools to inspect network requests during the connection attempt. Look for any error messages or blocked requests that might provide clues about the specific issue.
5. Check Zoom App security:

Ensure your Zoom App has the necessary permissions to access websockets. Refer to Zoom App documentation for details on permission requirements for websocket connections.
6. Consult Zoom App support:

If the above steps don’t resolve the issue, reach out to Zoom App support for further assistance. They can provide more specific guidance based on your app’s configuration and potential limitations within the Zoom App environment.

Hey @hayk.grigoryan , @sehartalokar ,

Make sure you have added the websocket URL to the allow list section (not the OAuth section):