Closed soumendrak closed 2 weeks ago
Thanks @welpo for the precise solution. After making the following changes, it fixed the issue.
allowed_domains = [
{ directive = "font-src", domains = ["'self'", "data:"] },
{ directive = "img-src", domains = ["'self'", "https://*", "data:"] },
{ directive = "media-src", domains = ["'self'", "https://cdn.jsdelivr.net/"] },
{ directive = "script-src", domains = ["'self'"] },
{ directive = "style-src", domains = ["'self'"] },
- { directive = "frame-src", domains = ["player.vimeo.com", "https://www.youtube-nocookie.com"] },
+ { directive = "frame-src", domains = ["player.vimeo.com", "https://www.youtube.com"] },
]
Glad to hear!
The example CSP example uses youtube-nocookie for privacy reasons (and because it was the default shortcode built-in with Zola until some time ago).
You might want to modify your shortcode to use the youtube-nocookie URL. The old shortcode:
<div {% if class %}class="{{class}}"{% endif %}>
<iframe src="https://www.youtube-nocookie.com/embed/{{id}}{% if playlist %}?list={{playlist}}{% endif %}{% if autoplay %}?autoplay=1{% endif %}" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>
</div>
@welpo Thanks for this snippet. Is there any reason why Zola removed this shortcode?
They were removed here: https://github.com/getzola/zola/commit/a56e4248e12cd0e958e5fbb48c039c85a989d238
Reasoning:
The youtube one for example had been broken for a long time and no one really noticed. It's better to not have anything than something not tested/doesn't work. Most of them were only a couple of lines anyway.
I might add Vimeo/YouTube shortcodes to tabi and mention the CSP changes necessary to make them work on the documentation.
Bug Report
I have used an YT shortcode which was working fine withe Apollo theme. However, in tabi I am facing issue.
I have added this file,
youtube.html
under templates/shortcodeEnvironment
Zola version: 0.19.1 tabi version or commit: 2.13.0
Expected Behavior
Youtube video should have come as an embedding.
Current Behavior
Tell us what happens instead of the expected behavior. link
Step to Reproduce