Missing OWASP Secure Headers

MyUsername · April 11, 2022, 3:01pm

Description
We are building a Zoom application that displays videos hosted on Cloudflare streams.

<iframe src="https://iframe.videodelivery.net/5d5bc37ffcf54c9b82e996823bffbb81?muted=true"></iframe>

I have added the relevant domains to the “Domain allow list”. Unfortunately, Cloudflare doesn’t seem to send all of the required OWASP Secure Headers.

How can I display Cloudflare streams in a my Zoom application?

Error
Missing OWASP Secure Headers: ["X-Content-Type-Options","Content-Security-Policy","Referrer-Policy"] for URL https://iframe.videodelivery.net/5d5bc37ffcf54c9b82e996823bffbb81?muted=true

MyUsername · April 12, 2022, 5:17pm

This seems to be the easiest way to add or remove headers before returning a stream: https://community.cloudflare.com/t/streaming-under-custom-domain/81008

gianni.zoom · April 15, 2022, 9:30pm

Hi @MyUsername , we are not familiar with Cloudflare usage in this context, but thank you for sharing this link. Please update our developer community with your findings

system · May 16, 2022, 7:31am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Facing this error "Missing OWASP secure headers" when building app API and Webhooks recurring-meeting , api	1	147	March 12, 2024
Cloud recording issue API and Webhooks	6	779	April 11, 2021
Embed cloud recording's URL via iframe doesn't seem to work API and Webhooks	5	1451	April 8, 2021
Downloading a video from the url returns soft 401 html page API and Webhooks	14	6171	August 21, 2020
Verify Zoom Webhooks using a CloudFlare Worker API and Webhooks	11	714	February 21, 2024

Missing OWASP Secure Headers

Related Topics