I’m facing an OWASP headers issue when trying to redirect the user to a third-party source within a Zoom app (only in the Mac Zoom client; in Windows it works fine).
I guess these headers aren’t controlled by my site because it’s a third-party vendor.
My site, however, returns the headers as follows:
<customHeaders>
  <add name="Strict-Transport-Security" value="max-age=31536000" />
  <add name="X-Content-Type-Options" value="nosniff" />
  <add name="Referrer-Policy" value="strict-origin" />
  <add name="Content-Security-Policy" value="frame-ancestors 'self' https://zoom.us https://teams.microsoft.com/ https://auth.monday.com *.monday.com/;" />
</customHeaders>
And the error I get is:
Missing OWASP Secure Headers: ["X-Content-Type-Options","Content-Security-Policy"] for URL monday.com: Where Teams Get Work Done
when trying to move to this URL from within the Zoom app.
I was advised to redirect the user to this link in a new window; however, it seems like the Zoom app prevents me from doing so.
Any suggested solution will be welcomed. Thank you.
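An added example, not part of the original post and not Zoom's code: a small audit that checks every response in a navigation chain for the four headers shown in the config above, to pinpoint which URL triggers the "Missing OWASP Secure Headers" error. It assumes the client checks exactly those four headers; the function names and the `example.test` hosts and their headers are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: the checked set is the four headers in the post's config.
REQUIRED = ("Strict-Transport-Security", "X-Content-Type-Options",
            "Referrer-Policy", "Content-Security-Policy")

def headers_from_iis(xml_text):
    """Parse an IIS <customHeaders> fragment into {name: value}."""
    root = ET.fromstring(xml_text)
    return {add.get("name"): add.get("value") for add in root.iter("add")}

def missing_headers(headers):
    """Required headers that are absent or empty (names are case-insensitive)."""
    present = {k.lower() for k, v in headers.items() if v and v.strip()}
    return [h for h in REQUIRED if h.lower() not in present]

def audit_chain(hops):
    """hops: (url, headers) per response in the chain -> {url: [missing]}."""
    report = {}
    for url, headers in hops:
        gaps = missing_headers(headers)
        if gaps:
            report[url] = gaps
    return report

# Header config copied from the post.
SITE_CONFIG = """<customHeaders>
  <add name="Strict-Transport-Security" value="max-age=31536000" />
  <add name="X-Content-Type-Options" value="nosniff" />
  <add name="Referrer-Policy" value="strict-origin" />
  <add name="Content-Security-Policy" value="frame-ancestors 'self' https://zoom.us https://teams.microsoft.com/ https://auth.monday.com *.monday.com/;" />
</customHeaders>"""

# Constructed sample chain: the app's own page, then a third-party page whose
# response carries only two of the four headers.
HOPS = [
    ("https://app.example.test/start", headers_from_iis(SITE_CONFIG)),
    ("https://vendor.example.test/landing", {
        "strict-transport-security": "max-age=31536000",
        "referrer-policy": "strict-origin",
    }),
]

if __name__ == "__main__":
    for url, gaps in audit_chain(HOPS).items():
        print(f"Missing OWASP Secure Headers: {gaps} for URL {url}")
```

Feeding it the real response headers of each hop (for instance from `curl -sIL`) shows whether the gap is on a page you serve or on the third-party destination.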