Cookie blocked and login to Zoom is not possible after the updating to Chrome version 80.0.3987.132

Hey @hernantorrisi,

May I ask your use case? I will try to come up with an alternate solution.

Thanks,
Tommy

Thanks @tommy
It’s a web based presentation tool that syncs content with all users in a session. It’s like a powerpoint where content is controlled by the presenter but each user can see and interact with it on their own devices.
We want to integrate with Zoom by hosting both or the same browser window. This way it will be simpler for our users to control both the presentation and Zoom at the same time.
We are running Zoom on an iframe that floats over the content or can be docked on the right side of it.
Everything is working right now on Chrome, except that this new SameSite cookie policy is not allowing us to run Zoom on an iframe correctly.
I hope this information is useful. If you need anything else, please let me know.
Thanks again,
Hernan

1 Like

Starting meetings is not supported inside an iFrame, unless you sign in. That is the designed functionality.

Hello @tommy. Is there any reason to not make it easier to start meetings inside an iFrame as host? The browser still prompts the user to open Zoom, so there doesn’t seem to be a privacy/security risk.

In our use case we want any member of an online community to be able to start a meeting that is created via the API. They can do this as a meeting participant but the start-as-host link will not work this way.

Here’s an example you can try where the participant button that you see will work: https://qiqochat.com/meet/Lucas_Cioffi
However if you were the admin, you’d also see a join-as-host button which opens Zoom in an iframe which does not work. Instead this pops up in the JS console (Version 80.0.3987.149, Official Build, 64-bit):

The Content Security Policy ‘default-src blob: ‘self’; script-src ‘unsafe-eval’ ‘unsafe-inline’ blob: https://.50million.club https://.adroll.com https://.cloudfront.net https://.google.com https://.hotjar.com https://.zoom.us https://.zoomus.cn https://.zopim.com https://ad.lkqd.net https://ajax.aspnetcdn.com https://apiurl.org https://appsforoffice.microsoft.com https://assets.zendesk.com https://bat.bing.com https://cdn.5bong.com https://cdn.jsdelivr.net https://cdncache-a.akamaihd.net https://code.jquery.com https://connect.facebook.net https://consent.trustarc.com https://extnetcool.com https://fp166.digitaloptout.com https://googleads.g.doubleclick.net https://intljs.rmtag.com https://pi.pardot.com https://px.ads.linkedin.com https://ruanshi2.8686c.com https://rum-static.pingdom.net https://s.dcbap.com https://s.yimg.com https://s.ytimg.com https://s3.amazonaws.com https://scout-cdn.salesloft.com https://sealserver.trustwave.com https://secure-cdn.mplxtms.com https://secure.myshopcouponmac.com https://snap.licdn.com https://sp.analytics.yahoo.com https://srvvtrk.com https://static.zdassets.com https://static2.sharepointonline.com https://tag.demandbase.com https://tpc.googlesyndication.com https://tracking.g2crowd.com https://translate.googleapis.com https://trk.techtarget.com https://unpkg.com https://www.comeet.co https://www.dropbox.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://d.adroll.mgr.consensu.org https://serve2.cheqzone.com https://*.ada.support ‘self’; img-src https: blob: data: ‘self’; style-src https: ‘unsafe-inline’ ‘self’; font-src https: data: ‘self’; connect-src * data: ‘self’; media-src * blob: ‘self’; frame-src https: ms-appx-web: zoommtg: zoomus: ‘self’’ was delivered in report-only mode, but does not specify a ‘report-uri’; the policy will have no effect. Please either add a ‘report-uri’ directive, or deliver the policy via the ‘Content-Security-Policy’ header.

As API users, we pay by the minute, so if you can make it easier for our users to start these kinds of meetings as host, then you will get more minutes purchased by us. This is a critical bug for us. Thank you for your consideration!

Hey @hernantorrisi,

What exactly is failing? Please provide your iFrame code. Remember, you cannot use iFrame to start meetings, only join them.

Thanks,
Tommy

Hey @lucas.cioffi, we are investigating if there is an easier way to embed Zoom into an iFrame.

You cannot start meetings with an iFrame. Meetings must be started via the start_url or from the Zoom Client or Web Portal.

Thanks,
Tommy

Thanks Tommy, I am aware of that part. We have covered that already on this thread before.
As I explained on my last message, we are only blocked by the Google SameSite cookie policy.
Can you set your Chrome cookies to enabled ( SameSite by default cookies and Cookies without SameSite must be secure) and try logging in on the iframe inside this demo link?

You’ll see you won’t be able to login at all.

Hello @tommy, it’s great to hear that you’re investigating ways to embed Zoom into an iFrame.

FWIW, this is how we have been enabling users to start Zoom meetings as host for the past few years…

With a Rails app, we update a hidden iframe’s src attribute using JQuery:
$('#zoom_iframe').attr('src','<%= @meeting["start_url"] %>');

Then the Zoom desktop/mobile app opens. This still works in Firefox 74 but not in the latest Chrome as of this week.

Hey @hernantorrisi,

This is intended. You cannot login to Zoom inside iFrames.

Thanks,
Tommy

Happy to hear you found a work around @lucas.cioffi.

If you are trying to open the Zoom Client directly, you can also use these urls:

-Tommy

@tommy you asked about our use case before to see if you could help us with a workaround.
I want to make sure that, in conclusion, there is no workaround. On an iframe, there is no way for users to host a meeting. Is that correct?
Thanks

Hey @hernantorrisi,

Correct, there is no way for users to start a meeting on an iFrame.

Work around would be to use OAuth to Create Meetings on their behalf, and have the host of the meeting start it via the start_url. Then you can use the iFrame or Web SDK to join that meeting.

Thanks,
Tommy

@tommy got it.
What I’m not sure I understand is why it works right now. It stopped working with Chrome’s updated cookie policy.
When you say there is no way, do you mean you are not officially supporting it and not planning on fixing the Chrome issue in the foreseeable future?
Thanks again for all your help!

1 Like

Hey @hernantorrisi,

The Zoom Web Client was never designed to be embedded into an iFrame.

Obviously there is lots of demand for a way to easily embed Zoom into an iFrame, and we are discussing official ways to do that, which will probably end up being a little different than how people are doing it now. :slight_smile:

Thanks,
Tommy

@tommy that sounds promising! Can’t wait to hear more about it :slight_smile:
Thanks for everything.

1 Like

Happy to help! :slight_smile:

Will keep you updated!

Thanks for your patience,
-Tommy

Hey Tommy,
Does that imply that the ability to show Zoom meeting via the iFrame will be dropped completely?

Hey @elearningevolve,

No not dropped. The way to do it now won’t be affected, there will just be an additional, improved way.

Thanks,
Tommy

Sounds to be super cool, will be waiting for this. Please update us as well.

1 Like

Will do @elearningevolve! :slight_smile:

-Tommy

Dear Tommy,

i am facing the same issue as i tried your code but it shows a blank page on my site. Would it be because i’m using wix.com to edit? if yes, do you have a clue which iframe code will fit here?