Unable to play cloud recordings shared in iframe

Description
We have a pipeline where our Zoom-using clients create cloud recordings, share the recordings, and copy the link into a field in our application, which embeds the recording into an iframe. Our application requires this behavior, as it is necessary for us to ensure that end-users view the recordings in order to receive educational credit. We support several meeting providers, and Zoom’s meetings are failing to play embedded in an iframe on Chrome. We have determined that this is a SameSite issue (disabling this solves the issue). We have searched all documentation relating to the SDK, but cannot find the recommended way to embed cloud recordings into our application. While it is straightforward to embed the meeting itself (while occurring), it doesn’t appear the SDK is built to allow embedded recordings. We can use the SDK to retrieve information about recordings from an authenticated account, but using authenticated accounts in our workflow wouldn’t be possible. The education provider needs to be able to embed their recorded meeting content.

The most straightfoward way would be to embed the meeting recording link directly, but this breaks. Secondarily, to use an SDK would also be ok, if available. The same meeting links work just fine directly in a tab. In an iframe, a 403 error occurs when attempting to retrieve the media (mp4) of the meeting itself. Analysis with Chrome shows the embedded cookies have issues, and are not valid within this context.

In contrast, a similar issue exists with YouTube if you do not use the proper /embed/ URL

Error
Iframe embedded cloud recordings will not play in Chrome due to SameSite issues

Which version?
N/A

To Reproduce(If applicable)
Steps to reproduce the behavior:

1. Create Meeting Recording
2. Share meeting and determine recording link URL
3. Embed link URL into iframe
4. Be unable to play recording

Screenshots
Available by request. Need sanitization guidance

Smartphone (please complete the following information):

• Device: Any Windows or macOS
• Browser: Chrome with SameSite changes from 2020

Additional context
Works on other browsers without the SameSite change, including Mobile browsers. Works when SameSite is disabled in Chrome for temporary testing purposes.

Screen Shot 2020-09-03 at 7.08.14 PM1706×624 54.2 KB

Making this change causes recordings to work, but is necessary on a per-client basis, and thus is not an option.

If at all possible, if Zoom was to:

1. Add a setting with cloud recordings permitting embed as an option
   OR
2. Assume everyone wanted to be able to embed

This would solve the issue.

The technical way to accomplish this would likely be to set the relevant cookies to SameSite None.

For known incompatible browsers that don’t support the None property:

As this content is likely to be used on third party sites in most use cases, it makes sense to set the cookie SameSite to None, rather than Lax or other options.

The most ideal situation would of course be a setting when sharing the recording that enables embed functionality (perhaps on by default).

Hey @michael.moody,

Checkout my post here:

Let me know if that helps answer your question.

Thanks,
Tommy

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.