Skip to content

Fix YouTube embed error 153 by changing Referrer-Policy #562

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Dec 1, 2025
Merged

Fix YouTube embed error 153 by changing Referrer-Policy #562

merged 2 commits into from
Dec 1, 2025
+3 −0

Conversation

Copy link
Contributor

Copilot AI commented Nov 29, 2025
edited
Loading

YouTube embeds fail with error 153 because Django 5.x defaults SECURE_REFERRER_POLICY to same-origin, which suppresses the Referer header on cross-origin requests. YouTube's embedded player API requires the Referer header for client identification.

Change:

  • Set SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin" in config/settings.py

This is YouTube's recommended policy and the browser default.

Fixes #558

Original prompt

This section details on the original issue you should resolve

<issue_title>YouTube embeds fail with a 153 error</issue_title>
<issue_description>Eg on https://simonwillison.net/2024/Jun/21/search-based-rag/

Image</issue_description>

Comments on the Issue (you are @copilot in this section)

@simonw https://developers.google.com/youtube/terms/required-minimum-functionality#embedded-player-api-client-identity

API Clients that use the YouTube embedded player (including the YouTube IFrame Player API) must provide identification through the HTTP Referer request header. In some environments, the browser will automatically set HTTP Referer, and API Clients need only ensure they are not setting the Referrer-Policy in a way that suppresses the Referer value. YouTube recommends using strict-origin-when-cross-origin Referrer-Policy, which is already the default in many browsers.

I'm sending:

Referrer-Policy: same-origin</body></comment_new>

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@simonw
Fix YouTube embed error 153 by setting SECURE_REFERRER_POLICY
9cea4b5 
Co-authored-by: simonw <9599+simonw@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix YouTube embeds failing with a 153 error Fix YouTube embed error 153 by changing Referrer-Policy Nov 29, 2025
Copilot AI requested a review from simonw November 29, 2025 00:50
Copilot finished work on behalf of simonw November 29, 2025 00:50
@simonw
Copy link
Owner

simonw commented Dec 1, 2025

Looks like this is the correct setting: https://docs.djangoproject.com/en/5.2/ref/settings/#secure-referrer-policy

@simonw simonw marked this pull request as ready for review December 1, 2025 05:11
@simonw simonw merged commit ee0caf8 into main Dec 1, 2025
3 checks passed
@simonw simonw deleted the copilot/fix-youtube-embed-153-error branch December 1, 2025 05:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@simonw simonw Awaiting requested review from simonw

Assignees

@simonw simonw

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

YouTube embeds fail with a 153 error

2 participants

@simonw