CORS in the Whiteboard

Meeting SDK Type and Version
Zoom Meeting SDK Web. Version 2.18.0

I am having some CORS errors when using the Whiteboard. Whenever I start a new Whiteboard I get an “setting” CORS error, that doesn’t seen to affect anything, but whenever I make a comment I get another error and my comment doesn’t show up.

After making the comment I get a toast with the following message:
“A server error occurred. Try again later or if error persists, Contact Us for help.”

In the console:

Access to fetch at ‘’ from origin ‘’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

After disabling CORS (I tested using the Allow CORS extension)
Access to fetch at ‘’ from origin ‘’ has been blocked by CORS policy: Request header field zm-scenario is not allowed by Access-Control-Allow-Headers in preflight response.

The setting error is pretty similar.

Troubleshooting Routes

  • Include header Access-Control-Allow-Origin: “*”
  • Turn off CORS completely
  • Add my ngrok redirect URL in the Allow List

How To Reproduce

  1. Create and join a meeting
  2. Start Whiteboard
  3. Make a comment



Cross-Origin Resource Sharing (CORS) is a security feature implemented by web browsers to control how web pages in one domain can request and interact with resources from another domain. It is designed to prevent potentially unsafe cross-origin requests.

In the context of a whiteboard application or any web application, if you are facing CORS issues, it means that the web page is trying to make requests to a different domain than the one that served the web page, and the server is not configured to allow these requests.

Here are some general steps you can take to address CORS issues in a whiteboard application:

  1. Server Configuration:
  • Ensure that the server hosting the whiteboard application includes the appropriate CORS headers in its responses. These headers typically include Access-Control-Allow-Origin, Access-Control-Allow-Methods, and others.
  • Example in Node.js using Express:

javascriptCopy code

const express = require('express');
const app = express();

app.use((req, res, next) => {
  res.header('Access-Control-Allow-Origin', '*');
  res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE');
  res.header('Access-Control-Allow-Headers', 'Content-Type');

// Your routes and middleware here

app.listen(3000, () => {

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.