Task #3834
closed
Accept youtube video in the Content Security Policy in whatsnew.libreoffice.org
0%
Description
Hi Guilhem,
I want to embed a youtube video on https://whatsnew.libreoffice.org/25.2/ and I am getting a Content-Security-Policy block because “default-src 'none'”
could you add https://youtu.be to the header?
Updated by Guilhem Moulin 3 days ago
That would violate TDF's privacy policy (of which the CSP is the technical embodiment). What's doable though is to enable the nocookie version of it (https://www.youtube-nocookie.com) assuming the video has a local overlay with a button to initiate the 3rd party request, akin to what the blog does.
Updated by Juan José González 3 days ago
got it, allowing the no cookie version is perfect then
Updated by Juan José González 3 days ago
would it be better if I embed the peertube version? do I still need to do the local overlay?
from here: https://peertube.opencloud.lu/w/je9LMg8EbgEiTLsoW6s98K
Updated by Guilhem Moulin 3 days ago
- Category set to Website
- Status changed from New to Closed
I'd say so since it's an external resource, but in doubt it's best to check with legal@. The hugo-based tdforg site has a consent button logic to copy from (or probably better to directly source), by the way. See it in action in that page https://www.documentfoundation.org/why-be-a-member/ .