CORS in the Whiteboard

lcsandrade · November 28, 2023, 1:04am

Meeting SDK Type and Version
Zoom Meeting SDK Web. Version 2.18.0

Description
I am having some CORS errors when using the Whiteboard. Whenever I start a new Whiteboard I get an “setting” CORS error, that doesn’t seen to affect anything, but whenever I make a comment I get another error and my comment doesn’t show up.

Error?
After making the comment I get a toast with the following message:
“A server error occurred. Try again later or if error persists, Contact Us for help.”

In the console:

Access to fetch at ‘https://us05nws.zoom.us/nws/das/api/v1/documents/feature/setting’ from origin ‘’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

After disabling CORS (I tested using the Allow CORS extension)
Access to fetch at ‘https://us05nws.zoom.us/nws/das/api/v1/documents/l_uOFCiQTbSpTsWPWDYfJw/pages/5755738980352/comments’ from origin ‘’ has been blocked by CORS policy: Request header field zm-scenario is not allowed by Access-Control-Allow-Headers in preflight response.

The setting error is pretty similar.

Troubleshooting Routes

Include header Access-Control-Allow-Origin: “*”
Turn off CORS completely
Add my ngrok redirect URL in the Allow List

How To Reproduce

Create and join a meeting
Start Whiteboard
Make a comment

imdadpg · November 30, 2023, 4:36pm

!

ChatGPT

Cross-Origin Resource Sharing (CORS) is a security feature implemented by web browsers to control how web pages in one domain can request and interact with resources from another domain. It is designed to prevent potentially unsafe cross-origin requests.

In the context of a whiteboard application or any web application, if you are facing CORS issues, it means that the web page is trying to make requests to a different domain than the one that served the web page, and the server is not configured to allow these requests.

Here are some general steps you can take to address CORS issues in a whiteboard application:

Server Configuration:

Ensure that the server hosting the whiteboard application includes the appropriate CORS headers in its responses. These headers typically include Access-Control-Allow-Origin, Access-Control-Allow-Methods, and others.
Example in Node.js using Express:

javascriptCopy code

const express = require('express');
const app = express();

app.use((req, res, next) => {
  res.header('Access-Control-Allow-Origin', '*');
  res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE');
  res.header('Access-Control-Allow-Headers', 'Content-Type');
  next();
});

// Your routes and middleware here

app.listen(3000, () => {

system · December 31, 2023, 2:37am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Zoom Web SDK whiteboard file upload Web	12	383	March 22, 2024
Attendee can't open webinar "Resources" - POST blocked by CORS policy Meeting SDK	1	80	April 24, 2024
Access to XMLHttpRequest at 'av/1506_audio.encode.wasm' from origin 'https://web.vptsapp.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource Meeting SDK	2	498	May 31, 2023
Cors error - Access-Control-Allow-Origin Web	8	3230	August 21, 2020
CORS error when using setVirtualBackground on the SDK Zoom Apps api , sdk	0	360	April 8, 2023

CORS in the Whiteboard

Related Topics