I got YouTube error 153 on my embedded players that went away after I added `referrerpolicy="strict-origin-when-cross-origin"` to the template of embed video. This was suggested in a few StackOverflow questions and it is based on https://developers.google.com/youtube/terms/required-minimum-functionality#embedded-player-api-client-identity
citizenfish
left a comment
I've tested this and it works well
Hey @Letme, could you fix the unit tests so we can get this merged?
Sure. I hope CI will now work as I push this (was working with WebIDE).
@aleksihakli I pushed the changes. Locally tox ran fine.
mgrdcm
left a comment
Just have questions about whether this is also needed for Vimeo?
| '<iframe width="80%" height="30%" ' | ||
| 'src="https://player.vimeo.com/video/72304002" ' | ||
| 'loading="lazy" frameborder="0" allowfullscreen></iframe>', | ||
| 'loading="lazy" frameborder="0" allowfullscreen referrerpolicy="strict-origin-when-cross-origin"></iframe>', |
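Review bot: The updated expectation on the `allowfullscreen referrerpolicy="strict-origin-when-cross-origin"` line belongs to a `player.vimeo.com` embed, while the attribute was introduced for a YouTube playback error. If the attribute is meant to be emitted for every backend, say so in the test name or a comment and add a matching expectation for a YouTube URL; otherwise this Vimeo expectation should stay without it.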
I did not find any information for it. Should this be a blocker?
I just mean that I think this test should probably fail because it's checking for the referrer policy for Vimeo and not for YouTube.
I found a similar thing at Vimeo, so I am a bit more certain this can help it: https://help.vimeo.com/hc/en-us/articles/35817429341457-Troubleshooting-video-playback-errors-due-to-referrer-policy-conflicts
| '<iframe width="80%" height="300" ' | ||
| 'src="https://player.vimeo.com/video/72304002" ' | ||
| 'loading="lazy" frameborder="0" allowfullscreen></iframe>', | ||
| 'loading="lazy" frameborder="0" allowfullscreen referrerpolicy="strict-origin-when-cross-origin"></iframe>', |
mgrdcm
left a comment
This new referrerpolicy is getting added for all backends rather than just YouTube, which I don't think is the intention or desirable. It should be possible to add it in a way that it only applies to YouTube, happy to help with that!
| @@ -1 +1 @@ | |||
| <iframe width="{{ width }}" height="{{ height }}" src="{{ backend.url }}" loading="lazy" frameborder="0" allowfullscreen></iframe> | |||
| <iframe width="{{ width }}" height="{{ height }}" src="{{ backend.url }}" loading="lazy" frameborder="0" allowfullscreen referrerpolicy="strict-origin-when-cross-origin"></iframe> | |||
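Review bot: `referrerpolicy="strict-origin-when-cross-origin"` is hard-coded on the single `<iframe>` line that renders `{{ backend.url }}`, so every backend receives it and a site cannot choose another value without overriding the template. An element-level `referrerpolicy` takes precedence over the page's own policy, so a deployment that sets `no-referrer` site-wide would start sending its origin to embed hosts; consider rendering the value from a template variable that defaults to `strict-origin-when-cross-origin`.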
This is getting added for all backends rather than just YouTube, which I don't think is the intention or desirable.
For instance could add a variable to the default embed_code.html and the YouTube backend either uses a template that inherits from that one, or maybe just the code for the YT backend fills in that variable.
Can you explain to me why this would not be good for Vimeo? What would break by explicitly defining it?
Can I ping on this as a decision? Because if you want me to put a backend around then fine, but I need the changes from official release, as now I have to manually fix the template post installation.
@Letme Hello! Sorry to be a holdup on this, and thanks to you and @aleksihakli for the feedback and patience.
My worry was that it would be leaking more information to the host of the video than before, but now I'm not quite sure. According to W3C no-referrer-when-downgrade is the default, while MDN says it's no-referrer-when-downgrade. Looks like Chrome changed defaults from the former to the latter many years ago and so I'm guessing at least some other browsers have as well.
So it looks like this isn't even much of a change in most cases, which makes me wonder why it works/is necessary, but I don't see a reason to hold it up anymore at least.
Thanks for this change @Letme!
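As an added illustration (not part of the pull request or the project's code), here is a simplified model of the W3C Referrer Policy rules showing what an embed host receives under each policy named in this thread. The page and embed URLs are constructed, and downgrade detection is reduced to an https page requesting a non-https target.

```python
from urllib.parse import urlsplit

# Constructed sample values (assumptions, not taken from the pull request).
PAGE = "https://intranet.example/projects/acme-merger/video?token=abc123#t=10"
EMBED = "https://www.youtube.com/embed/VIDEO_ID"

DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(url):
    """(scheme, host, port) tuple used for the same-origin comparison."""
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme))


def _strip(url, origin_only=False):
    """Serialise a referrer: drop credentials and fragment, optionally path and query."""
    p = urlsplit(url)
    host = p.hostname if p.port is None else f"{p.hostname}:{p.port}"
    if origin_only:
        return f"{p.scheme}://{host}/"
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme}://{host}{p.path or '/'}{query}"


def referrer_sent(policy, page_url, target_url):
    """Return the Referer value the target receives, or None if it is omitted."""
    same_origin = _origin(page_url) == _origin(target_url)
    # Simplification: the spec tests "potentially trustworthy" URLs, not just https.
    downgrade = (urlsplit(page_url).scheme == "https"
                 and urlsplit(target_url).scheme != "https")
    full, origin = _strip(page_url), _strip(page_url, origin_only=True)
    rules = {
        "no-referrer": None,
        "unsafe-url": full,
        "origin": origin,
        "same-origin": full if same_origin else None,
        "origin-when-cross-origin": full if same_origin else origin,
        "strict-origin": None if downgrade else origin,
        "no-referrer-when-downgrade": None if downgrade else full,
        "strict-origin-when-cross-origin":
            full if same_origin else (None if downgrade else origin),
    }
    return rules[policy]


if __name__ == "__main__":
    for name in ("no-referrer", "no-referrer-when-downgrade",
                 "strict-origin-when-cross-origin"):
        print(f"{name:34} -> {referrer_sent(name, PAGE, EMBED)}")
```

For a cross-origin HTTPS embed, `strict-origin-when-cross-origin` exposes only the embedding site's origin, while `no-referrer-when-downgrade` exposes the full path and query string of the embedding page.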
Does this have the potential to introduce any unwanted side-effects? I'd see this as purely an improvement unless it degrades something or I'm missing something - this simply disables the sending of the Maybe this could be included with a flag that would default to What do you think @mgrdcm?
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## master #217 +/- ##
=======================================
Coverage 99.10% 99.10%
=======================================
Files 16 16
Lines 671 671
Branches 40 40
=======================================
Hits 665 665
Misses 4 4
Partials 2 2
Thanks for merging. Please also make a release so that we can install the fix via pypi.