We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Describe the bug When I paste a video link inside Media Embed field it is not showed in ckeditor and in console I see this message:
Content Security Policy: The page’s settings blocked the loading of a resource at https://www.youtube.com/embed/SZLiCyA5SFQ (“default-src”).
Here is my security configurations:
export default [ 'strapi::errors', // 'strapi::security', 'strapi::cors', 'strapi::poweredBy', 'strapi::logger', 'strapi::query', 'strapi::body', 'strapi::session', 'strapi::favicon', 'strapi::public', { name: 'strapi::security', config: { contentSecurityPolicy: { useDefaults: true, directives: { 'connect-src': ["'self'", 'https:'], "default-src": [ "'self'", "data:", "blob:", "www.youtube.com", ], 'img-src': [ "'self'", 'data:', 'blob:', 'market-assets.strapi.io', 'minio.news.mys3bucket.com' ], 'media-src': [ "'self'", 'data:', 'blob:', "www.youtube.com", 'market-assets.strapi.io', 'minio.news.mys3bucket.com', ], "frame-src": [ "'self'", "data:", "blob:", "www.youtube.com", ], upgradeInsecureRequests: null } } } } ];
The text was updated successfully, but these errors were encountered:
I included the following in the directives object which removed the CSP error.
directives
"media-src": [ "'self'", "data:", "blob:", "https://www.youtube.com/", ], "frame-src": ["https://www.youtube.com/"],
Sorry, something went wrong.
just only add 'youtube.com'. Leave out the protocol and subdomains.
I'm having the same issue but these two configs are not working for me. Any update on this? I'm using the v2.1.0 with Strapi 4.22
No branches or pull requests
Describe the bug
When I paste a video link inside Media Embed field it is not showed in ckeditor and in console I see this message:
Here is my security configurations:
The text was updated successfully, but these errors were encountered: