Zoom Apps Configuration
- Zoom App (Client-side, embedded in Zoom client) (meeting side panel)
- @zoom/appssdk": “^0.16.31”
- Next.js 15.3.5
- TypeScript
Description
On only Windows machines (not Mac), we are getting a CORS policy issue of “No ‘Access-Control-Allow-Origin’ header is present on the requested resource”. The request URL domain and origin/referrer listed for the failed requests have been added to our Domain Allow List here: Build your app --> Features --> Surface --> Domain Allow List. However, this is not a published app (locally tested), and the domains added to that list show “This domain requires review.” This message has been there for awhile and the “review” status never clears. We own the domains in question, and they are accessible on the Windows machine when tested outside of the Zoom App.
Errors
- “UnifyWebView: HTTP status 403”
Access to fetch at … from origin … has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Troubleshooting Routes
-
curl to the API works on both Mac and Windows
-
Same Zoom version (6.6.11) on both platforms
-
Windows Firewall allows Zoom
-
No proxy or security software blocking requests
-
Origin header is correct
-
Issue occurs on all Windows machines tested
-
Response headers are empty on Windows (request blocked at webview level, never reaches server)
-
Mac Zoom client worked even before the domains were added to the Domain Allow List
How To Reproduce
- Start Zoom meeting
- Add the Zoom App in question
- Authorization goes through just fine.
- Subsequent calls to internal api (on Domain Allow List) are blocked by CORS policy issue.