“Missing OWASP secure headers” error in zoom client mac

We are getting this error on Mac client on windows it works fine.

please help us to fix the issue we are using react frontend and Django backend.
its really urgent :slight_smile:

Hi, hope you will be fine.

You need to add OWASP headers e.g below is nextjs config how to add those

/** @type 
{import('next').NextConfig} */

const ContentSecurityPolicy = `
  script-src 'self' https://appssdk.zoom.us/sdk.js 'unsafe-eval' 'unsafe-inline';
  style-src 'self' ${process.env.ZOOM_REDIRECT_URI}  'unsafe-inline';
  font-src 'self';  

const headers = [{
    key: 'Strict-Transport-Security',
    value: 'max-age=63072000; includeSubDomains; preload'
    key: 'Content-Security-Policy',
    value: ContentSecurityPolicy.replace(/\s{2,}/g, ' ').trim()
  }, {
    key: 'X-Content-Type-Options',
    value: 'nosniff'
  }, {
    key: 'Referrer-Policy',
    value: 'same-origin'
    key: 'X-Frame-Options',
    value: 'SAMEORIGIN'
    key: 'frameguard',
    value: 'sameorigin'

const nextConfig = {
  compress: true,
  reactStrictMode: false,
  async headers() {
    return [{
      // Apply these headers to all routes in your application.
      source: '/:path*',
      headers: headers,
    }, ]
module.exports = nextConfig

Hey @freelancer.nak,

thanks for the response, where should i add these header on the server or in my client side react app?

@MaxM please see this it shows even warning here during creating and when i run in client i get console error it working on windows but not in mac.

Apologies for the delay in getting back to you. It sounds like headers may be set conditionally in a way that excludes MacOS and other browsers. Try this from a MacOS browser:

  1. Open Dev Console
  2. Click Network tab
  3. Click webpage
  4. Select the header tab
  5. Look for OWASP headers

Are you seeing the headers when you check from the dev console of a regular browser? How about when you check from the Zoom App?