Hey there @JackYang & @Michael_Purnell, my name is Spencer. I hope this message finds you well.
My company is currently trying to integrate the Zoom Web SDK into our SPA and needs to configure CSP using nginx.
Context
We have a functioning video chat when running locally, but as soon as we deployed the feature to our upper environments (which are all running on a higher level security protocol / HTTPS) we found a slew of CSP errors in our console. We found this thread and attempted addressing the CSP issues. Up to this point, we have updated our headers several times to allow all necessary Zoom connections, but to no avail. Below you can see our current CSP header taken from our security.conf file (nginx):
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'; connect-src 'self' *.zoom.us zoom.us wss://*.zoom.us; font-src 'self' 'data:'; script-src 'self' *.zoom.us zoom.us 'unsafe-eval'; worker-src 'self' 'blob:'" always;
The Errors
With the update above, we now have other CDNs being blocked and a variety of different CSP complaints in our Chrome Browser console:
Our Ask
Do you have a recommendation forward for configuring CSP in nginx for the Zoom Web SDK that won’t create issues with our other CDNs?
Thanks so much in advance and looking forward to hearing from you!
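
An added example, not part of the original post: a small linter run over the header quoted above. It reports the two properties of that policy that a browser acts on: scheme sources written in quotes (`'data:'`, `'blob:'`) are invalid and ignored, and a specific directive such as `script-src` replaces `default-src` rather than extending it. The function names `parsePolicy` and `lintPolicy` are hypothetical.

```javascript
// Constructed input: the policy string from the post's security.conf, copied verbatim.
const POLICY = "default-src 'self' http: https: data: blob: 'unsafe-inline'; connect-src 'self' *.zoom.us zoom.us wss://*.zoom.us; font-src 'self' 'data:'; script-src 'self' *.zoom.us zoom.us 'unsafe-eval'; worker-src 'self' 'blob:'";

// Keywords that CSP requires to be single-quoted (nonces and hashes are matched by regex).
const KEYWORDS = new Set(["'self'", "'none'", "'unsafe-inline'", "'unsafe-eval'",
  "'strict-dynamic'", "'unsafe-hashes'", "'report-sample'", "'wasm-unsafe-eval'"]);
const NONCE_OR_HASH = /^'(nonce-|sha(256|384|512)-)[A-Za-z0-9+/_=-]+'$/;

// Split a policy into a Map of directive name -> source list.
// Browsers use the first occurrence of a duplicated directive, so later ones are skipped.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Return human-readable findings for the policy (hypothetical helper, not a Zoom or nginx API).
function lintPolicy(policy) {
  const directives = parsePolicy(policy);
  const findings = [];
  for (const [name, sources] of directives) {
    for (const src of sources) {
      // A quoted token that is not a keyword, nonce or hash is an invalid source and is ignored.
      if (src.startsWith("'") && !KEYWORDS.has(src) && !NONCE_OR_HASH.test(src)) {
        findings.push(`${name}: ${src} is quoted and will be ignored; the scheme source is ${src.slice(1, -1)}`);
      }
    }
  }
  const fallback = directives.get("default-src") || [];
  for (const [name, sources] of directives) {
    if (name === "default-src" || !name.endsWith("-src")) continue;
    // A specific fetch directive replaces default-src for its resource type; nothing is inherited.
    const notApplied = fallback.filter((s) => !sources.includes(s));
    if (notApplied.length) {
      findings.push(`${name}: default-src sources that no longer apply here: ${notApplied.join(" ")}`);
    }
  }
  return findings;
}

console.log(lintPolicy(POLICY).join("\n"));
```
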