Hi! I am embedding Zoom CDN into a CRM portal (Salesforce) where I have whitelisted all the script tags Zoom needs. Whitelisting gives certain levels of CSP policies for those URLs, mainly “script-src”
One CSP Policy the portal does not allow is worker-src. This is problematic because the react-dom plugin used by zoom utilizes Web Workers which fails and causes a "Join meeting timeout" error from Zoom.
HOWEVER If I click “Retry” on that timeout message, the meeting will load without issue.
My question is: Is there a way to embed zoom, or load react-dom without web workers referenced by the plugin? It seems like there is some sort of fallback method that is called on retry.
Refused to create a worker from ‘blob:https://…’ because it violates the following Content Security Policy directive: "script-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’ (whitelisted urls here). Note that ‘worker-src’ was not explicitly set, so ‘script-src’ is used as a fallback.
Smartphone (please complete the following information):
- Device: Mac Laptop
- OS: High Sierra
- Version: 10.13.6