I’m trying to build a Zoom App to be able to play YouTube videos within Zoom. I wish to embed a YouTube video, and I’ve allowed youtube.com in my domain list. However, when I open my app in either my browser or the Zoom client, the box where YouTube is supposed to be embedded instead shows a white box and reads “This content is blocked; contact the site owner.” There has already been a forum post about this topic, and I tried the fix it suggested (which was to add the embedding domain into the allow list) but that didn’t work. Can someone please help me resolve this?
Here’s my embed code:
p You're viewing your Zoom App through the browser.
a(href=`/install`) Click Here
| to install your app in Zoom.
iframe(width="420" height="315" src="https://www.youtube.com/embed/tgbNymZ7vqY")
Are there any console errors here that might indicate what’s happening? I expect you will need to put an unsafe-eval or unsafe-inline in the CSP header you’re using.
Likewise, you mentioned there was a solution in another post. Can you link that post here?
Refused to frame 'https://www.youtube.com/' because it violates the following Content Security Policy directive: "default-src self". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.
Content Security Policy (CSP) headers are set on the response coming from the backend server. In this case, you need to add another domain to the frame-src portion. Generally this is done in server middleware.
Thank you very much for your help. I have my iframe working in the browser.
However, when I open my app in Zoom, the iframe does not show up.
According to the network console, the request is processed with an HTTP 403 error.
Here is the code I use to embed my YouTube video into Zoom:
if isZoom
p Welcome to your Zoom App
iframe(width="60%" height='600' src="https://www.youtube.com/embed/c6XHSwrUbeQ")
My app isn’t published yet; I’m still developing it using ngrok as a server. As a matter of curiosity, how would I deploy my app when I’m finished developing it?