Using an integrity hash

jimmymarks · July 2, 2024, 4:30pm

My company is integrating zoom chat into an online banking application for a client.

We got the standard script:

<script
  data-chat-entry-id="your_entry_ID"
  data-apikey="your_apikey"
  data-el="#chat"
  src="https://us01ccistatic.zoom.us/us01cci/web-sdk/zcc-sdk.js"/>

And were told by the OLB provider that we needed to include an SRI Integrity Token to be in compliance with their security standards. We provided an Integrity hash, but quickly the chat stopped working because the hash was rendered invalid when the zcc-sdk.js updated. This same issue happened twice, which caused a lot of stress on the client.

My questions:

Is there some integrity check that can be done using Zoom’s resources that might satisfy the OLB provider?
Failing that, is there some way to bundle the .js resource so that we can include it with our build and still integrate w/ Zoom?

Additional insight or security details would be very helpful.

Topic		Replies	Views
Web Chat errors using zcc-sdk.js / Campaign embedded web tag - Not working Contact Center	2	1235	April 30, 2024
Web Chat errors using zcc-sdk.js / Campaign embedded web tag Chat	0	567	May 23, 2023
Chat does not show up in browser when using Campaign Contact Center	1	194	April 30, 2024
Zoom Contat Center API authentication \| Updating variables API and Webhooks webhooks , api	1	293	October 6, 2023
Zoom Chat bot config with OAuth Chat	13	753	April 21, 2023

Using an integrity hash

Related Topics