We have a pipeline where our Zoom-using clients create cloud recordings, share the recordings, and copy the link into a field in our application, which embeds the recording into an iframe. Our application requires this behavior, as it is necessary for us to ensure that end-users view the recordings in order to receive educational credit. We support several meeting providers, and Zoom’s meetings are failing to play embedded in an iframe on Chrome. We have determined that this is a SameSite issue (disabling this solves the issue). We have searched all documentation relating to the SDK, but cannot find the recommended way to embed cloud recordings into our application. While it is straightforward to embed the meeting itself (while occurring), it doesn’t appear the SDK is built to allow embedded recordings. We can use the SDK to retrieve information about recordings from an authenticated account, but using authenticated accounts in our workflow wouldn’t be possible. The education provider needs to be able to embed their recorded meeting content.
The most straightfoward way would be to embed the meeting recording link directly, but this breaks. Secondarily, to use an SDK would also be ok, if available. The same meeting links work just fine directly in a tab. In an iframe, a 403 error occurs when attempting to retrieve the media (mp4) of the meeting itself. Analysis with Chrome shows the embedded cookies have issues, and are not valid within this context.
In contrast, a similar issue exists with YouTube if you do not use the proper /embed/ URL
Iframe embedded cloud recordings will not play in Chrome due to SameSite issues
To Reproduce(If applicable)
Steps to reproduce the behavior:
- Create Meeting Recording
- Share meeting and determine recording link URL
- Embed link URL into iframe
- Be unable to play recording
Available by request. Need sanitization guidance
Smartphone (please complete the following information):
- Device: Any Windows or macOS
- Browser: Chrome with SameSite changes from 2020
Works on other browsers without the SameSite change, including Mobile browsers. Works when SameSite is disabled in Chrome for temporary testing purposes.