New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: [Objects] External video preview image (YouTube) blocked due to CSP #526
Comments
I'd do a PR in |
Thanks a lot for reporting the issue. We did not consider the issue as "Pimcore:Priority", "Pimcore:ToDo" or "Pimcore:Backlog", so we're not going to work on that anytime soon. Please create a pull request to fix the issue if this is a bug report. We'll then review it as quickly as possible. If you're interested in contributing a feature, please contact us first here before creating a pull request. We'll then decide whether we'd accept it or not. Thanks for your understanding. |
can confirm this |
should also be included |
PR would be great. Thx |
Pimcore version
11.2.2
Steps to reproduce
video
.Refused to frame 'https://www.youtube-nocookie.com/' because it violates the following Content Security Policy directive: "frame-src 'self' data:".
Actual Behavior
Preview image is blocked due to CSP and thus not shown.
Expected Behavior
As configuring YouTube in video field is a core functionality it should not require project specific configuring such as:
Instead these external video services should be allowed by default in
ContentSecurityPolicyHandler
.The text was updated successfully, but these errors were encountered: