the iframe embed of the video block correctly does not communicate the referrer domain to Vimeo and the embedded page hence shows a "Sorry, Because of its privacy settings, this video cannot be played here." error rather than the video (as brought up on Discord).
bastianallgeier
commented
3 years ago
As the Panel sets a
same-originreferrer policy for privacy/infosec reasons,https://github.com/getkirby/kirby/blob/38afb2d650f3764d23d732b23ae8f04ab9ffba69/views/panel.php#L20
the iframe embed of the video block correctly does not communicate the referrer domain to Vimeo and the embedded page hence shows a "Sorry, Because of its privacy settings, this video cannot be played here." error rather than the video (as brought up on Discord).
This should be possible to fix — analogous to the solution discussed on the forum and in the related kirby-embed plugin's issue — by adding a
referrerpolicy="strict-origin-when-cross-origin"attribute to the iframe code at:https://github.com/getkirby/kirby/blob/38afb2d650f3764d23d732b23ae8f04ab9ffba69/panel/src/components/Blocks/Types/Video.vue#L11