Refused to frame 'https://www.youtube.com/' because it violates the following Content Security Policy directive #42
Comments
|
@distributeddev it looks like you have strapi::security twice. Just remove the second one above "strapi::cors" |
|
I faced the same issue, did you find out how to fix this ? |
|
Hi @distributeddev ! Here is my middlewares.js It fixed the issue for me, try it! |
|
Awesome, this also worked for me! You rock and thank you for sharing. I was digging into my nginx CSP, but it looks like Strapi also has its own CSP. Update: If you are using nginx security CSP, you will also need to add *.youtube.com *.vimeo.com etc... to your CSP, plus doing the above. Update 2: This link provides more data on how these embeds are displayed and which ones are allowed. We may need to add to this config for other social providers. https://ckeditor.com/docs/ckeditor5/latest/features/media-embed.html#media-providers Update 3: Yeah, for spotify I had to add it to both nginx and strapi. to frame-src allowed spotify and dailymotion embed to populate. |
|
Also important to note, this plugin allows for PREVIEWING the embeded content, but the ` html attribute must be converted into proper HTML for the item to be displayed. 😓 This plugin is useless unless you either:
the HTML syntax used. For an example of 2., the actual code the |
|
EDIT: This answer is only for strapi-plugin-ckeditor 1.x.x, not for 2.x.x
To make the MediaEmbed plugin output an iframe that you can insert directly in your client app, add ckeditor: {
config: {
..
editor: {
...
mediaEmbed: {
previewsInData: trueThis results in the following HTML when pasting a YT video: <figure class="media">
<div data-oembed-url="https://www.youtube.com/watch?v=TcbFFoAQ5Ck">
<div style="position: relative; padding-bottom: 100%; height: 0; padding-bottom: 56.2493%;">
<iframe src="https://www.youtube.com/embed/dQw4w9WgXcQ" style="position: absolute; width: 100%; height: 100%; top: 0; left: 0;" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen=""></iframe>
</div>
</div>
</figure>Alternatively, to have full control over the output, define your own markup by overriding the mediaEmbed providers, just copy-paste the default YT provider in your providers list: mediaEmbed: {
providers: [
{
name: 'youtube',
url: [
/^(?:m\.)?youtube\.com\/watch\?v=([\w-]+)(?:&t=(\d+))?/,
/^(?:m\.)?youtube\.com\/v\/([\w-]+)(?:\?t=(\d+))?/,
/^youtube\.com\/embed\/([\w-]+)(?:\?start=(\d+))?/,
/^youtu\.be\/([\w-]+)(?:\?t=(\d+))?/
],
html: match => {
const id = match[ 1 ];
const time = match[ 2 ];
return YOUR_HTML
}
},
]
} |
|
Sweet, I will give this a test the next time I get the chance. |
|
I've added My Using What did I do wrong? I've also try |
The answer I showed is for CKEditor 1.x.x. In 2.x.x, it seems you can only use /config/ckeditor.txt, which I have no experience with. I might be able to figure it out later when I have time to upgrade to 2.x. |
Found out that an typo error in the code base causes my issue, as I describe here |
I am getting following error in browser console and I cant see the preview in the editor when embedding videos
And this is what I see in browser
Following is my middlware.js in strapi.
any idea?
The text was updated successfully, but these errors were encountered: