I’m having similar issues as well, where I’d like to render my company’s page in the zoom client, but the assets are delivered by a CDN. And unfortunately, the CDN domain (cloudfront) is blocked by the Zoom App Marketplace.
Any way we can get an update on how to solve this issue?
We’re facing the same issue after migrating to GCP. Trying to add storage.googleapis.com to the allowed domain list and getting the same issue. Users are now unable to upload or download any files on our app. Can you please suggest what to do here @MaxM?
This would at least unblock you and start loading the script. The downside is that you may have to add rules for each such domain individually and need to update the frontend as well to point to the new address. Also, script load time would be slightly longer now.
Yes, a generic storage API as a proxy would also work. I did not want to do a new backend deployment. Moreover, my proxy solution helps me separate server load with static files and storage load when we hit the scale. I can keep a dedicated server just for proxy traffic without interfering with my primary server traffic.
The real problem is, why is Zoom not allowing access to certain domains? If this was for security, the domains can any which ways be reached via the above methods. Why make it hard for developers in the approval process?
This is a great question. I think overall the decision was made to prevent bad actors from adding user-generated to the Zoom Client but as you mentioned there are methods to get around this restriction. However, in most cases that requires a change to a backend component rather than frontend code. In other words, there is another layer of security.
I’ve posed this question to our marketplace team to see if I can gain further information or we can make any changes in this regard.
Hi @MaxM Any update on this? I am using a third party library which uses storage.googleapis.com to host some of their content and this domain is being blocked by the Zoom client. I cannot modify their script. Appreciate any help here.
This issue is being actively discussed by our leadership and product teams. They are working towards a solution and we will implement it once we have finalized our plan.
Unfortunately, that is the extent of information that I have available at this time but we are working on a solution for this.