Hi,
This topic is just to share some potentially useful information for anyone facing integration issue for web isolation with their 3rd party solutions.
Could also be useful for you Zoom’s support, to recommend the use of the COEP credentialless origin trial for people who cannot implement web isolation yet.
[Problem recap]
For people who did not follow such topic, and to quickly recap the problematic situation:
- the Zoom Web SDK requires the shared array buffer features for the video to work
- the shared array buffer features is going to require the web isolation to be active
- the current origin trial to let the shared array buffer continue to work without the web isolation will end soon. This has recently been postponed to Chrome 96 - almost end of the year to buy some time, but still.
If in your application you are using any 3rd party solution that is not yet compliant with web isolation (returning the expected CORP headers in their response when you interact with their services), then you cannot implement the web isolation in your application.
In such situation, this means you would either loose the video on Zoom or have to remove the use of such 3rd : quite dramatic…
As an example, in our situation, we are using some Datadog packages (Web browser logs, RUM) to monitor our end user. (logs, RUM, traces) And Datadog services are not yet compliant with CORP. On our request they are currently working on it, but this would not be delivered before Q4 this year.
This mean either we loose the video on Zoom inside our application, or we loose our end user monitoring. None is acceptable.
If you are in such situation, you better start to contact your 3rd party solution company.
[COEP Credentialless to the rescue]
This is the situation, but good news, Google recently announced the release of a new origin trial that will enable us to activate web isolation without being fully compliant with CORP.
I’ll pass the details and let you read the few lines available here in case you want to understand how it’s going to release us from that burden.
The interesting part for this topic is the following paragraph:
[Conclusion]
So for any people facing the same situation as us, applying & using this new origin trial will buy you some time to be fully CORP compliant on your application. As i mentioned, if you have any 3rd party vendor that did not opt-in web isolation yet, you should also request them to do it.
It should definitely not be considered as a final solution and google mentioned it, it’s just to offer some time to any solution to opt-in.
It will at least unlock the current situation with the requirements made by the Web SDK.
Chrome 93 beta is already there is you want to test it.
Feel free to share you opinion / remarks if you have any.