Allow embedding shared videos only on specific website (or alternative protection)

[vladasko-g]

Right now I see no way to embed videos securely.

We are running a website where its content (videos) is reachable only after authentication. We would like to embed videos from NextCloud there, but then we need to make them public which would make them reachable to anyone and that's not good.

Maybe it is possible to create a feature to only allow videos accessible from certain domains (allowlist certain websites which can embed it) or provide some kind of inline URL authentication compatible with embedding. Password protection which we have now is not ok because it leads to an authorization page and won't work with embedded videos. Also, the security is questionable if we inline the protection in the URL.

These are just suggestions.

Here is the section of the file-sharing configuration, just to make it understandable:

The embedded video would be used similarly to <video src="https://nextcloud.something/something">

[andersrodigrue]

I’m facing a similar challenge with embedding videos securely. We also need to restrict access to content only after authentication, and making videos public is not an option for us either.

Your suggestions, like allowing videos to be embedded only from certain domains or having an inline URL authentication that works seamlessly with embedding, would be very helpful for my use case as well. I hope we can find a secure way to achieve this!