It worked 2 days ago, but today some zoom addresses are not accessible and show the error Failed to load resource: net :: ERR_CERT_COMMON_NAME_INVALID
as attached image. Could you please help me?
Although we’ve noticed we’re only seeing certificate errors occasionally, we’re now noticing the Web SDK seems to be loading images via data:link example
which in turns triggers a content security policy issue on our end as we’re not allowing this.
This issue can only be reproduced on a deployed environment (ie not locally) where specific Content Security Policy rules are in place.
In this specific instance, we’re restricting the ability for the front end application to render images via data: as this exposes security concerns.
As per W3 recommendation it is strongly advised not to load images that way as it leaves it vulnerable to perform XSS type of attacks.
I wanted to check with you whether the Zoom SDK will carry on loading images that way knowing there are still some security exploits left or if you believe this can be addressed in a near future?