dead-brown · VAPI · 19h ago

GHL MCP Integration OAuth Failure - Critical CORS & CSP Issues

Hi Vapi Support Team,
I'm following up on my previous ticket regarding the GoHighLevel (GHL) integration failure. After investigating with browser developer tools, I've identified several critical technical issues preventing the OAuth flow from completing:
Issues Identified:

1. CORS Blocking (Primary Issue)
   - Multiple requests are being blocked by Cross-Origin Resource Blocking
   - The OAuth callback from GHL cannot complete due to CORS policy restrictions
   - This prevents the integration from finalizing after user authorization

2. Content Security Policy Violations
   - CSP is blocking script-src directive (status: blocked)
   - Evaluation of JavaScript strings is being prevented
   - These restrictions are interfering with the OAuth authentication flow

3. API Communication Failures
   - Repeated net::ERR_QUIC_PROTOCOL_ERROR 200 (OK) errors on https://api.vapi.ai/events
   - These errors occur during the integration process
   - Suggests backend communication issues during OAuth callback

Current Behavior:

1. Click "Connect" → Opens GHL permissions page
2. Accept permissions
3. Choose subaccount
4. Redirect back to Vapi → Integration shows as NOT connected

Important Note:
This is not an isolated issue - multiple users are experiencing the same problem with the GHL integration, which suggests this is an infrastructure/configuration issue on Vapi's side rather than a user-specific problem.

Request:
Please review and update:

- CORS policy to allow GHL OAuth callback domains
- CSP directives to support the OAuth flow
- QUIC protocol handling for the /events endpoint

I've attached screenshots of the browser console errors for your engineering team's reference.
Please prioritize this as it's blocking a critical integration for multiple users. Let me know if you need any additional diagnostic information.

Thank you for your assistance.