Can't load a script from a cdn?

I am trying to load lodash via a cdn and am getting the following error.

Does this mean that we can’t use any cdns at all?

Domain violates Zoom App Marketplace domain policy. Reason: Domain permits serving user-generated content.

https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.4/lodash.min.js

The domain should be added to “domain allow list” in marketplace build flow (where you configure your app).

For example, if I am loading SDK from CDN https://appssdk.zoom.us/sdk.js , I would add it like this

Thanks Narmada, that’s where I was adding it and where I was seeing:

Domain violates Zoom App Marketplace domain policy. Reason: Domain permits serving user-generated content.

@RostislavR We’re checking with our security team and will update you when we have more info.

1 Like

We recently started noticing the same for our CDN. In our case it is against cloudfront.net.

Same now with trying to load preact from a cdn.
https://unpkg.com/htm/preact/standalone.module.js

So basically our only option is to serve all files ourselves?