Comment by wl
6 years ago
Without the local webserver, they fall back to Safari's URL handler, which asks whether or not you wan't to start the application in question.
They went through a lot of trouble to implement this ridiculous solution to avoid the kind of thing you describe.
Which is why they're doubling down on not fixing it.
I mean _with_ their local webserver, can they implement their own, simple confirmation of some kind?
“This [local webserver] is a workaround to a change introduced in Safari 12 that requires a user to confirm that they want to start the Zoom client prior to joining every meeting.”
https://blog.zoom.us/wordpress/2019/07/08/response-to-video-...
According to Zoom the intended purpose of the local webserver is specifically to avoid the confirmation step.
Well - Safari asks you for confirmation. They built the local, exploitable web-server to avoid the confirmation message. Why would they go to that trouble, only to reimplement what they were trying to avoid?