New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refused to frame 'https://www.youtube.com/' because it violates the following Content Security Policy directive #42
Comments
@distributeddev it looks like you have strapi::security twice. Just remove the second one above "strapi::cors" |
I faced the same issue, did you find out how to fix this ? |
Hi @distributeddev ! Here is my middlewares.js
It fixed the issue for me, try it! |
Awesome, this also worked for me! You rock and thank you for sharing. I was digging into my nginx CSP, but it looks like Strapi also has its own CSP. Update: If you are using nginx security CSP, you will also need to add *.youtube.com *.vimeo.com etc... to your CSP, plus doing the above. Update 2: This link provides more data on how these embeds are displayed and which ones are allowed. We may need to add to this config for other social providers.
https://ckeditor.com/docs/ckeditor5/latest/features/media-embed.html#media-providers Update 3: Yeah, for spotify I had to add it to both nginx and strapi.
to frame-src allowed spotify and dailymotion embed to populate. |
Also important to note, this plugin allows for PREVIEWING the embeded content, but the ` html attribute must be converted into proper HTML for the item to be displayed. 😓 This plugin is useless unless you either:
the HTML syntax used.
For an example of 2., the actual code the
|
EDIT: This answer is only for strapi-plugin-ckeditor 1.x.x, not for 2.x.x
To make the MediaEmbed plugin output an iframe that you can insert directly in your client app, add ckeditor: {
config: {
..
editor: {
...
mediaEmbed: {
previewsInData: true This results in the following HTML when pasting a YT video: <figure class="media">
<div data-oembed-url="https://www.youtube.com/watch?v=TcbFFoAQ5Ck">
<div style="position: relative; padding-bottom: 100%; height: 0; padding-bottom: 56.2493%;">
<iframe src="https://www.youtube.com/embed/dQw4w9WgXcQ" style="position: absolute; width: 100%; height: 100%; top: 0; left: 0;" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen=""></iframe>
</div>
</div>
</figure> Alternatively, to have full control over the output, define your own markup by overriding the mediaEmbed providers, just copy-paste the default YT provider in your providers list: mediaEmbed: {
providers: [
{
name: 'youtube',
url: [
/^(?:m\.)?youtube\.com\/watch\?v=([\w-]+)(?:&t=(\d+))?/,
/^(?:m\.)?youtube\.com\/v\/([\w-]+)(?:\?t=(\d+))?/,
/^youtube\.com\/embed\/([\w-]+)(?:\?start=(\d+))?/,
/^youtu\.be\/([\w-]+)(?:\?t=(\d+))?/
],
html: match => {
const id = match[ 1 ];
const time = match[ 2 ];
return YOUR_HTML
}
},
]
} |
Sweet, I will give this a test the next time I get the chance. |
I've added My
Using What did I do wrong? I've also try |
The answer I showed is for CKEditor 1.x.x. In 2.x.x, it seems you can only use /config/ckeditor.txt, which I have no experience with. I might be able to figure it out later when I have time to upgrade to 2.x. |
Found out that an typo error in the code base causes my issue, as I describe here |
I am getting following error in browser console and I cant see the preview in the editor when embedding videos
And this is what I see in browser
Following is my middlware.js in strapi.
any idea?
The text was updated successfully, but these errors were encountered: