Console error - Missing OWASP Secure Headers:

rohan.rasane.adm · July 5, 2022, 11:03pm

While building the Zoom App, Im trying to call the deeplink api in my flow so that I can open my app in the Zoom client, but Im getting the console error 'Missing OWASP Secure Headers: [“Content-Security-Policy”]
I’m passing the security headers and I also have the domain in the allow list.
Here is the image that shows the headers that Im passing.

I assume that the user has to manually open the url that is received in the deeplink api url. The sample response looks like this

{“deeplink”:“https://zoom.us/launch/zoomapp/{some id}”}

daniel.fried · July 6, 2022, 5:51pm

Hi Rohan, can you confirm that these headers are provided when the “Home URL” of your app is requested?

Can you also provide the full value of your CSP?

Final note, I think that X-Frame-Option should be plural i.e. X-Frame-Options

Topic		Replies	Views
Missing OWASP Secure Headers - Redirection Problem Zoom Apps	2	660	October 17, 2022
Zoom app new window due to OWASP headers in third party source Zoom Apps	0	252	November 9, 2023
OWASP Header documentation missing? Zoom Apps	3	298	April 21, 2023
Newbie question running Zoom Apps sample Zoom Apps	13	891	June 27, 2022
Zoom Apps with a Flask Back-end Zoom Apps	3	682	June 27, 2022

Console error - Missing OWASP Secure Headers:

Related Topics