CORS issue when making an API call

I am creating one Zoom app, which is basically a react app, where on one page I am making a user log in, Now when I send a login call to my server, it returns with CORS error, I created a demo server locally with no CORS configuration, but the result remains same, I tried with some open APIs, still result remains same. Kind of making any request and the server is responding with CORS. How to fix this issue ?

Hi Viral - I had a similar experience. I had to setup a CSP (Content Security Policy) to allowlist URLs so that they wouldn’t be blocked. For example, I used firebase for my backend and had to add the needed URLs to the hosting headers.

example:

“hosting”: {

    "public": "dist",
    "headers": [
{
	"source": "**",
	"headers": [
		{
			"key": "X-Content-Type-Options",
			"value": "nosniff"
		},
		{
			"key": "Content-Security-Policy",
			"value": "default-src 'self' data: https://xxxxx.web.app https://identitytoolkit.googleapis.com  https://securetoken.googleapis.com;  etc...."
		},
		{
			"key": "Referrer-Policy",
			"value": "same-origin"
		}
	]
}

],

Also, make sure that when you are making any external api calls that it is coming from your server app and not your zoom app. zoom apps do not allow outside api calls.

Hope this helps.

Thank you for your help, but I was able to solve this issue by adding my server domain to Zoom Marketplace app configuration allowed domain list. But my server has cookie base auth, which need to set Http Only cookie at client side, which is not working as cookies are not getting set. Working on that issue now.

Glad to hear this is working, will help focus on the new issue issue in the new thread :smiley: