Adjusting Content Security Policy (CSP)

Stop your browser from blocking Videoly and YouTube requests

*If your online store is using CSP, then we recommend adding the sources listed below to your Content Security Policies. 

This avoids browsers blocking all requests from Videoly and YouTube.

  • default-src: 'unsafe-inline' *.videoly.co *.youtube-nocookie.com *.youtube.com *.ytimg.com *.wistia.com *.wistia.net *.videoly.net
  • img-src: data: *.ytimg.com *.wistia.com *.wistia.net *.videoly.co
  • media-src: data:

Source "data" is needed, because the widget and YouTube's player have inline imaged embedded to avoid network requests.

💡Additional:

  • If you defined script-src rule, you should add:

*.videoly.co *.youtube-nocookie.com *.youtube.com *.ytimg.com *.wistia.com *.wistia.net *.videoly.net

  • If you defined frame-src rule, you should add: 

*.youtube-nocookie.com *.videoly.net

  • If you defined connect-src rule, you should add: 

*.videoly.co

 

These two options only apply when additional rules are defined.
 

Was this article helpful?