Loading video in Iframe

Idea created by hp0080047 on Jul 8, 2019
    Under review
    Score0

    Hi Team,

     

    We found below which can set for content-security-policy which can help us to solve this issue. Can we do this configuration once in order to test that is it allowing us to play videos or not? 

     

    Findings over the SAAS Blackboard videos display inside the IFRAME. 
    Error that we are facing :- 
    "Refused to display 'https://test.blackboard.com/webapps/bbgs-autosignonRMS-BB5b313ed7d9b4c,bbgs-autosignon-BB5b313ed7d9b4c/autoSignon.do?timestamp=1559022317937&userId=<username>&auth=39ea1418a8dea2eabe3ecd2061eb319a&courseId=400005&moduleId=_50_1' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'"." 

     

    Reason:- The content is prohibited from being displayed within an IFRAME due the Content Security Policy being set. 

     

    For example:- The web server hosting twitter.com is configured to add a HTTP header to the response object. Specifically they are setting the Content-Security-Policy tag to frame-ancestors 'self'. There is no way you'll be able to embed their pages into a page of your own using IFRAME. 

     


    Solution:- We need to try is to point "Content-Security-Policy" tag in below mentioned way :- 
    If A web site administrator wants to allow content from a trusted domain and all its subdomains . Like as:-"Content-Security-Policy: default-src 'self' *.trusted.com" 

     

    In summary, we need to add header like Content-Security-Policy: default-src 'self' http://*.twitter.com. 

     

    Regards, 
    Hetal

    Product Version (if applicable):0