You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the dev console I get this: Content Security Policy: The page’s settings blocked the loading of a resource at https://inv.odyssey346.dev/embed/nmgFG7PUHfo?autoplay=1&mute=0&controls=1&origin=https%3A%2F%2Ftournesol.app&playsinline=1&showinfo=0&rel=0&iv_load_policy=3&modestbranding=1&enablejsapi=1&widgetid=1 (“frame-src”).
Edit:
I think it has something to do with the CSP being inside a meta tag instead of being inside a response header.
The text was updated successfully, but these errors were encountered:
Invidious embed works on most sites (like discord.com) but on some sites it is blocked by Content Security Policy (CSP).
I know there seem to already be a workaround to bypass CSP and allow Invidious embed in the code:
https://github.com/libredirect/libredirect/blob/4625aa07feb647ecbaa9a2316e778a7bcc01c605/src/assets/javascripts/services.js#L830-L866
But the current workaround still fails on this website for example:
https://tournesol.app/entities/yt:nmgFG7PUHfo
In the dev console I get this:
Content Security Policy: The page’s settings blocked the loading of a resource at https://inv.odyssey346.dev/embed/nmgFG7PUHfo?autoplay=1&mute=0&controls=1&origin=https%3A%2F%2Ftournesol.app&playsinline=1&showinfo=0&rel=0&iv_load_policy=3&modestbranding=1&enablejsapi=1&widgetid=1 (“frame-src”).
Edit:
I think it has something to do with the CSP being inside a meta tag instead of being inside a response header.
The text was updated successfully, but these errors were encountered: