Mirrors/readeck
1
0
Fork 1
mirror of https://codeberg.org/readeck/readeck.git synced 2025-12-22 13:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Send referrer on embedded videos

Browse Source 
As per Google/Youtube requirements, an embedded iframe must set a
referrer.
https://developers.google.com/youtube/terms/required-minimum-functionality#embedded-player-api-client-identity

This adds "strict-origin-when-cross-origin" to embedded iframes so
playback works again.

Resolves #942
This commit is contained in:
Olivier Meunier
2025-11-19 07:25:21 +01:00
parent e6ade4ae58
commit 7f0c3ad064
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
assets/templates/videoplayer/index.jet.html
View File

@@ -59,7 +59,7 @@ SPDX-License-Identifier: AGPL-3.0-only
allow="accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; browsing-topics 'none'; camera 'none'; display-capture 'none'; domain-agent 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport ''; gamepad 'none'; geolocation 'none'; gyroscope 'none'; hid 'none'; identity-credentials-get 'none'; idle-detection 'none'; local-fonts 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; otp-credentials 'none'; payment 'none'; publickey-credentials-create 'none'; publickey-credentials-get 'none'; screen-wake-lock 'none'; serial 'none'; speaker-selection 'none'; usb 'none'; window-management 'none'; xr-spatial-tracking 'none'"
allowfullscreen="true"
credentialless="true"
referrerpolicy="no-referrer"
referrerpolicy="strict-origin-when-cross-origin"
sandbox="allow-scripts allow-same-origin"
csp="sandbox allow-scripts allow-same-origin"
></iframe>

2
internal/bookmarks/dataset/bookmarks.go
View File

@@ -361,7 +361,7 @@ func (bi *Bookmark) SetEmbed() error {
dom.SetAttribute(embed, "src", src.String())
dom.SetAttribute(embed, "credentialless", "true")
dom.SetAttribute(embed, "allowfullscreen", "true")
dom.SetAttribute(embed, "referrerpolicy", "no-referrer")
dom.SetAttribute(embed, "referrerpolicy", "strict-origin-when-cross-origin")
dom.SetAttribute(embed, "sandbox", "allow-scripts allow-same-origin")
dom.SetAttribute(embed, "allow", "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; browsing-topics 'none'; camera 'none'; display-capture 'none'; domain-agent 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport ''; gamepad 'none'; geolocation 'none'; gyroscope 'none'; hid 'none'; identity-credentials-get 'none'; idle-detection 'none'; local-fonts 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; otp-credentials 'none'; payment 'none'; publickey-credentials-create 'none'; publickey-credentials-get 'none'; screen-wake-lock 'none'; serial 'none'; speaker-selection 'none'; usb 'none'; window-management 'none'; xr-spatial-tracking 'none'")
dom.SetAttribute(embed, "csp", "sandbox allow-scripts allow-same-origin")