Open franckadil opened 2 years ago
I get the same error on version 4.7.0:
GET https://www.youtube.com/player_api CSP
Loading failed for the <script> with source “https://www.youtube.com/player_api”. livestream:1:1
Content Security Policy: The page’s settings blocked the loading of a resource at https://www.youtube.com/player_api (“script-src”). 28f042d48dc7212074cc2b3601f91762d103324d.js:1512:296820
In fact <script src="https://www.youtube.com/player_api" type="text/javascript"></script>
is include in the root document so response header such as:
content-security-policy | default-src 'self' ; connect-src *; font-src 'self' data:; frame-src *; img-src * data: blob:; media-src * data:; script-src 'self' 'unsafe-eval' 'sha256-jqxtvDkBcRAl9Hpqv62WdNOieepg8tJSYu1xIy7zT24=' ; style-src 'self' 'unsafe-inline'
will not cover loading script from www.youtube.com (script-src 'self' 'unsafe-eval' 'sha256-jqxtvDkBcRAl9Hpqv62WdNOieepg8tJSYu1xIy7zT24=' ;
)
Description:
Steps to reproduce:
Expected behavior:
The reader popup should display and allow playing the video.
Actual behavior:
Server Setup Information:
Client Setup Information
Relevant logs: