Meeting SDK Web – Whiteboard blocked: us06nws.zoom.us DAS API CORS missing for domain and localhost (join OK, SDK 3.12 / 6.0.2)

Hi Team,

We embed Zoom Meeting SDK for Web (Client View) in our learning platform. Joining meetings works, but in-meeting whiteboard fails in all environments(When opening whiteboard meeting closed for meeting joinees).

The browser blocks cross-origin calls from our app to Zoom’s whiteboard DAS service on us06nws.zoom.us because the OPTIONS preflight response does not include Access-Control-Allow-Origin (and related CORS headers).

This issue started around last week (approximately 16/May/2026). It affects production, QA, dev, and local development. We only changed Kubernetes ingress in production; QA/dev were unchanged. The same error occurs locally with the latest Meeting SDK (6.0.2) and on production with SDK 3.12.0, so we believe this is a Zoom us06nws DAS / CORS configuration or regression, not our reverse proxy

Affected origins (domains)

Our learners join meetings from these origins (HTTPS unless noted):

Environment Origin
Production (Wayvida) https://web.wayvida.com
Production / UAT (Edusite learners) https://wta.myedusite.com (and other *.myedusite.com learner join URLs — [e.g. qa-wta.myedusite.com]
Local development http://localhost:5173 (Vite)

Please enable / restore CORS for Meeting SDK embedded whiteboard for all production *.myedusite.com and web.wayvida.com origins we use for in-meeting join.

SDK / environment

Item Value
Product Zoom Meeting SDK for Web (Client View)
Production SDK https://source.zoom.us/3.12.0/ui/ (e.g. zoomus-websdk-main-client.umd.min.js)
Local / latest test @zoom/meetingsdk → assets from https://source.zoom.us/6.0.2/lib/av/
NWS / DAS host us06nws.zoom.us
Browser Chrome 148 (macOS); reproducible across environments
Request header (prod) ZM-SCENARIO: PWA in-meeting

Expected behavior

Whiteboard should load and DAS APIs should be callable from our embedded origins without CORS errors (as before [insert date when it last worked]).


Actual behavior

UI: “Failed to retrieve user information” / “Unable to load this whiteboard” / connection error (e.g. s-code-a93b4930c3-…).

Browser console (representative):

Access to fetch at ‘https://us06nws.zoom.us/nws/das/api/v2/users

from origin ‘https://wta.myedusite.com’ has been blocked by CORS policy:

Response to preflight request doesn’t pass access control check:

No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Same pattern from http://localhost:5173:

from origin ‘http://localhost:5173’ … us06nws.zoom.us/nws/das/api/v2/users … No ‘Access-Control-Allow-Origin’

Follow-on SDK errors:

  • get confId or mmrToken failed (whiteboard-sdk.js)

  • Failed to fetch (comment-ui-deps-*.js)

  • GET …/api/v2/users net::ERR_FAILED


Failing endpoints (all on https://us06nws.zoom.us)

  • OPTIONS / GET /nws/das/api/v2/users

  • OPTIONS / GET /nws/das/api/v1/user/settings/key?key=canvas_setting

  • OPTIONS / GET /nws/das/api/v1/user/settings/key?key=toolbar_setting

  • OPTIONS / GET /nws/das/api/v1/documents/{docId}/meeting/detail?confId={confId}&mmrToken=…

Preflight fails: no Access-Control-Allow-Origin on OPTIONS response. Some GETs may return 200 but are unreadable by JavaScript due to CORS.

What works vs what fails

Feature Status
SDK init / join meeting Works
Video / audio / screen share Works
Telemetry to us.telemetry.zoom.us Occasionally CORS noise on localhost (separate; not blocking join)
In-meeting whiteboard (DAS on us06nws) Fails – CORS

Whiteboard in the native Zoom desktop client for the same meeting: **[Yes / No – please fill in after test]

Request**

Please confirm whether CORS for Meeting SDK embedded whiteboard on us06nws.zoom.us DAS API v1/v2 is correctly configured for:

If this is a known regression, please provide ETA or workaround.

We can provide HAR files, screenshots, and additional *.myedusite.com hostnames on request. Auth tokens (wbk, cgk, mmrToken) are sent by the SDK; not included in this ticket.


Contact

  • Name: Vishnu Gopal

  • Email: vishnu.gopal@wayvida.com

  • Zoom account / Marketplace app: Wayvida-Live / ObZvSj9tQpG5BeQpwKWauw

  • Company: Wayvida

Hey @Wayvida

Thanks for your feedback.

We had an incorrect configuration during last week’s web backend deployment, which caused the CORS error. We fixed it on May 20. Could you check whether you are still seeing this issue?

Thanks
Vic