Cross Origin Isolation Guidance

victor.aprea · July 7, 2021, 4:19pm

Zoom Dev team, this Cross Origin Isolation business is all very foreign to my team. I went so far as to try and follow the guidance of adding the requisite headers to our NGINX configuration and registering our domain for SharedArrayBuffers origintrials:

add_header ‘cross-origin-resource-policy’ ‘*’;
add_header ‘Cross-Origin-Embedder-Policy’ ‘require-corp’;
add_header ‘Cross-Origin-Opener-Policy’ ‘same-origin’;

But that seems to break a lot of diverse features of our application, even something as simple as Google Login. We get a variety of failures in the devtools console like this as an example:

GET https://player.vimeo.com/api/player.js net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep

Is there some way we can get more hands-on support for making Zoom work in our application without breaking the rest of our application, or for helping us make the rest of our application continue to work given these new constraints? Please advise.

vic.yang · July 8, 2021, 7:46am

Hey @victor.aprea

Thanks for your feedback.

You can apply an origin trial first, Chrome team is still working on the new policy for SharedArrayBuffer.

Thanks
Vic

system · August 7, 2021, 5:47pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Struggling with sharedbufferarray and CORS Web	18	1359	June 23, 2023
Cross-Origin Access Issue Following Upgrade to Zoom WebSDK Web	2	215	June 23, 2023
Need support for implementing Cross Origin Isolation and Credentialless Headers in the server Web	2	716	July 10, 2022
[Chrome] Shared array buffer + web isolation + 3rd solution integration : COEP Credentialless to the rescue Web	9	2342	October 22, 2021
Cross Origin Isolation - Angular meetingsdk-sample-angular Web faq	4	1697	October 8, 2021

Cross Origin Isolation Guidance

Related Topics