Hello, I have created a Zoom app by cloning the Zoom sample app repository(zoom/zoomapps-texteditor-vuejs). I have added firebase auth in the same app. The app works perfectly fine on Mac machines but gives firebase errors on Windows.
By following some of the forum threads, I have added these urls to domain allow list:
securetoken.googleapis.com
firebaseinstallations.googleapis.com
firebase.googleapis.com
identitytoolkit.googleapis.com
I have also added following CSP headers in index.ts of zoom/zoomapps-texteditor-vuejs/server:
app.use(
helmet({
frameguard: {
action: ‘sameorigin’,
},
hsts: {
maxAge: 31536000,
},
referrerPolicy: {
policy: ‘same-origin’,
},
crossOriginEmbedderPolicy: false,
contentSecurityPolicy: {
directives: {
‘default-src’: [“‘self’”],
‘connect-src’: [
“‘self’”,
‘https://identitytoolkit.googleapis.com’,
‘https://firestore.googleapis.com’,
‘https://zoom.us’,
‘https://.zoom.us’,
'https://.googleapis.com’,
],
‘img-src’: [
“‘self’”,
‘data:’,
‘https://www.google.com’,
‘https://.google.com’,
'https://.gstatic.com’,
],
‘script-src’: [
“‘self’”,
“‘unsafe-inline’”, // Only if you’re using inline scripts (consider removing in production)
‘https://appssdk.zoom.us’,
‘https://www.gstatic.com’,
],
‘style-src’: [
“‘self’”,
“‘unsafe-inline’”,
‘https://fonts.googleapis.com’,
],
‘font-src’: [“‘self’”, ‘https://fonts.gstatic.com’],
‘frame-src’: [“‘self’”],
},
},
})
);
Still getting errors like(While testing locally):
a393-103-215-148-71.ngrok-free.app/:1 Refused to load the image ‘https://www.google.com/images/cleardot.gif?zx=yzoh3m6oc8mm’ because it violates the following Content Security Policy directive: “img-src ‘self’ data: https://4aa5-103-215-148-68.ngrok-free.app”.
a393-103-215-148-71.ngrok-free.app/:1 Refused to load the image ‘https://www.google.com/images/cleardot.gif?zx=yzoh3m6oc8mm’ because it violates the following Content Security Policy directive: “img-src ‘self’ data:”.
index.e5864361.js:219 [2025-05-06T09:13:07.456Z] @firebase/firestore: Firestore (10.14.1): Could not reach Cloud Firestore backend. Connection failed 1 times. Most recent error: FirebaseError: [code=unavailable]: The operation could not be completed
This typically indicates that your device does not have a healthy Internet connection at the moment. The client will operate in offline mode until it is able to successfully connect to the backend.
Had added some logs while I was debugging, error occurred at this line:
const querySnapshot = await getDocs(userQuery);
Any help would be greatly appreciated, stuck at this point since a long time.