Adjusting Content Security Policy (CSP)

Stop your browser from blocking Videoly and YouTube requests

If your online store is using CSP, then we recommend adding the sources listed below to your Content Security Policies. 

This avoids browsers blocking all requests from Videoly and YouTube.

  • default-src: 'unsafe-inline' *.videoly.co *.youtube-nocookie.com *.youtube.com *.ytimg.com *.wistia.com *.wistia.net *.videoly.net
  • img-src: data: *.ytimg.com *.wistia.com *.wistia.net
  • media-src: data:

Source "data" is needed, because the widget and YouTube's player have inline imaged embedded to avoid network requests.

💡Additional:

  • If you defined script-src rule in you should add 

*.videoly.co *.youtube-nocookie.com *.youtube.com *.ytimg.com *.wistia.com *.wistia.net *.videoly.net

  • If you defined frame-src rule you should add 

*.youtube-nocookie.com, *.videoly.net

These two options only apply when additional rules are defined.
 

Was this article helpful?