We are developing the integration for the ClixieMedia. We are able to show the Clixie application within the Zoom client, but some of the styles are not applied correctly.
@development4 How are you importing the styles that are blocked? Do you see any errors in the JS console? For the most part, you should see that you can use styles from the same origin but you need to include any external styles in the style-src directive.
the page being rendered does include some external CSS and JS files. But I have included them into the CSP header.
One issue I have is not having the ability to review what policy failed. In the browser, I usually do this using the console from the developer tools, but in the Zoom Client I do not have access to this.
Is there any other way to review the console, or at least the policy violations, in the zoom client?
the styles are still not being applied in the clixie app integration. But I was able to activate the CSP reporting capabilities, and now I receive the CSP violations to review them.
Also, our video player library that is stored in AWS S3/Cloudfront, in the server d2ywhs8rofwyum.cloudfront.net, we cannot load it by applying the CSP directive.
What can we do with these cases that cannot be bundled?
Added the configuration for the font. It’s working now.
The issue we have is with the additional domains: for instance, we use d2ywhs8rofwyum.cloudfront.net (from AWS) to serve some of our static JS libraries. But when added to the app configuration (on the app marketplace), it appears the following message:
@development4 this is what I linked to before about cdn’s not being allowed. The zoom team said they were looking into that, so maybe something will change. In the meantime, I’m just bundling all of my dependencies manually using a build tool instead of serving things through a cdn.
Thanks for the responses. I already moved out the scripts from that CDN, so the JS is being loaded.
I still have some issues, though.
For development, I added the url clixiedev-alf-resp.ngrok.io in the marketplace configuration page, but it says:
Domain violates Zoom App Marketplace domain policy. Reason: Developer tools should be removed before publishing the app.
I get that those domain should not be configured when launching the app in production. But for development? What can I do to include ngrok sites i use for dev?
I’m getting that error too but I can’t tell if it’s actually interfering with the app running in development. Have you confirmed that its actually an issue?