It seems like WebSocket connections are not working within the Zoom app, and Supabase real-time functionality is also not functioning properly

Zoom Apps
1

When i open the developer tools in Zoom In App, Safari appears, but there are no WebSockets at all in the Network tab, and there are no requests

Also, I’m using the real-time feature supported by Supabase, but it’s not working.

image
image1422×132 42.9 KB

// user-script.js

(function(){if (typeof window.WebSocket.isInAllowHostList === 'function') {return; }
function whiteListedWebSocket(realWebSocket) {
  var realURL = URL;
  return class WebSocket extends realWebSocket {
  static isInAllowHostList(hostName) { 
  var allowed_domain_list = ["ff25-183-96-188-173.ngrok-free.app","appssdk.zoom.us","eventcat.live","supabase.co","eventcat.com"];
  var ret = false;  for(var domain of allowed_domain_list) {
    if ('*' == domain[0]) {
      if (hostName.endsWith(domain.substr(1)) || domain.substr(2) == hostName) {
      ret = true;
          break;
      }
    }
    else {
      if (hostName == domain){
        ret = true;
        break;
      }
    }
  }
  return ret;
  };
  constructor(url,protocol) {
    var URLObj = new realURL(url);
    if ('wss:'!= URLObj.protocol) {
      throw 'Protocol is not valid';
    }
    var hostName = URLObj.hostname;
      if (!WebSocket.isInAllowHostList(hostName)) {
        throw 'URL is not valid';
      }
      super(url,protocol);
    }
  };
}
  window.WebSocket = whiteListedWebSocket(window.WebSocket);
})();
2

I encountered the same issue trying to use Supabase realtime in my zoom app and it took me way too long to figure out because the error is not very descriptive. I kept getting “URL is not valid” and thought that the URL might be malformed, which was not the case.

The supabase websocket endpoint has the following structure: wss://<PROJECT_ID>.supabase.co. So for it to work you need to have *.supabase.co in your domain allow list, not just supabase.co. Or for more granular security - replace the asterisk with your project ID specifically.

One can edit their domain allow list in the app developer dashboard under “Features > Surface”