Zoom SDK ver 2.9.5 with credentialless headers does not work on firefox

Description
Using Zoom SDK ver 2.9.5 with credentialless headers does not work on firefox. Hence, It was stated on the latest changelog on https://marketplace.zoom.us/docs/sdk/overview/websdk-gallery-view/#overview , that the sharedArrayBuffer should be working on both chrome and firefox.

I applied the instruction on https://marketplace.zoom.us/docs/sdk/overview/websdk-gallery-view/#implementing-credentialless-headers, but it only works on chrome and edge.

Which Web Meeting SDK version?
Meeting web SDK ver 2.9.5

Screenshots

Screenshot 2022-12-22 at 11.17.27 AM1696×1241 338 KB

Hi, all the available different options to fix the gallery view are described → here.

Hi @freelancer.nak , Yes, it was completely working on chrome and edge browsers as expected, But have you tried to test it using firefox with credentialless headers? Thanks

Yes, it is working also with firefox

Screenshot 2022-12-22 at 2.03.32 PM1920×1357 58.7 KB

I’ve already set the following headers such as:

Cross-Origin-Embedder-Policy: credentialless
Cross-Origin-Opener-Policy: same-origin

or kindly see the attached screenshot

Screenshot 2022-12-22 at 11.17.27 AM1696×1241 338 KB

Is there anything that I missed to enable it? Thank you

Please set Cross-Origin-Embedder-Policy:require-corp

Here is NodeJS sample

app.use((req, res, next) => {
        res.set('Cross-Origin-Embedder-Policy', 'require-corp');
        res.set('Cross-Origin-Opener-Policy', 'same-origin');

        next();
    });

It is officially still not supported with firefox

Screenshot 2022-12-22 at 2.21.04 PM1920×829 88.1 KB

Please use the value for this header require-corp for now.

It worked with require-corp, but we’ve encountered several CSP issues to load the external resources. It was blocked because of the ‘require-corp’. Kindly see the attached screenshot for your reference.

Screenshot 2022-12-22 at 5.29.21 PM925×75 28.5 KB

Screenshot 2022-12-22 at 5.29.03 PM892×60 15.8 KB

I also tried these headers but it still has the same issues.

  add_header 'cross-origin-resource-policy' '*';
  add_header 'Cross-Origin-Embedder-Policy' 'require-corp';
  add_header 'Cross-Origin-Opener-Policy' 'same-origin';

Then please don’t enable require-corp or any extra header. Just navigate to the session link and there will be a coi-sw.js file link (In the video description) → download that and follow the instructions from the video to load that. Once added to your integration page you will have a gallery view without setting any extra headers to your server.

Okay, I will try your suggestion, then get back here if I might encounter other issues. Thank you so much for your help.

Sure. Welcome & Thanks

I will use your link and let you know if this work for me

OK, If the shared link does not work, then here is the quickest solution. ← This solution also works with no-code platforms and across browsers without any extra effort.

nice trick, but

for firefox there are some limitations with serviceworker

In Firefox, Service Worker APIs are hidden and cannot be used when the user is in private browsing mode, or when history is disabled, or if cookies are cleared when Firefox is closed.

Glad it helped you and thanks for sharing firefox limitations.

if you wan’t use service worker, you has to be shure, that the web admin of your website don’t opt out service workers

https://chromium.googlesource.com/chromium/src/+/master/docs/security/service-worker-security-faq.md#Can-sites-opt-out-of-Service-Workers

here a link to developer, who had this idea

this idea seems to me to be an adequate solution for typical private wordpress website, but certainly not for professionally administered websites

Update: this idea was made for a special project, but not for a common integration of zoom sdk in a normal website

Thank Naeem for sharing the different options to fix this

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.