I leave it on the top level of this file just to add it someplace 😄
We need to rethink how this will play with the WYSIWYG editor video embeds. Now I'm able to add a YouTube embed, and of course it doesn't work
Content Security Policy: The page’s settings blocked the loading of a resource at https://www.youtube-nocookie.com/embed/q_biZCsoloU?cc_load_policy=1&modestbranding=1 (“frame-src”).
I think we would need two approaches for this:
- To add the services that we already handle on the video embed in the default CSP configuration: www.youtube-nocookie.com and player.vimeo.com
- On other services that it works but we don't actually handle explicitly (such as dailymotion.com), then what we could do is to somehow check if this is blocked while embedding, and show a modal alert with something like this:
This content was blocked by the Content Security Policy configuration. Please contact the system administrator of this installation so they can change this configuration.
Read more about [customizing the Content Security Policy](https://docs.decidim.org/develop/en/customize/content_security_policy)
(I'm not even sure if it's possible to do this programmatically, but that would be the best flow IMO)
Originally posted by @andreslucena in #10700 (comment)
Refs: #10700
We need to rethink how this will play with the WYSIWYG editor video embeds. Now I'm able to add a YouTube embed, and of course it doesn't work
I think we would need two approaches for this:
(I'm not even sure if it's possible to do this programmatically, but that would be the best flow IMO)
Originally posted by @andreslucena in #10700 (comment)
Refs: #10700