Forum Discussion

lisarosado's avatar
lisarosado
Explorer | Level 3
2 years ago

Embedded iframe link to video doesn't work for some videos.

in chrome the console error is:

 

Refused to frame 'https://www.dropbox.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".

 

in firefox error on page:

 

Firefox Can’t Open This Page

To protect your security, www.dropbox.com will not allow Firefox to display the page if another site has embedded it. To see this page, you need to open it in a new window.

 

all domains have been added to app setting: Chooser / Saver / Embedder domains

no external domains have changed.

 

I have checked that the sharing permissions between videos that do work and videos that don't work are the same. There is no other obvious difference between the working/non working videos.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    Based on the error message, it looks like this may be because your site that displays the Embedder is itself being framed by a different site.

     

    Do you have a sample page showing this issue that you can share so we can take a look into this for you?

    • lisarosado's avatar
      lisarosado
      Explorer | Level 3

      Hmm that wouldn't make sense if some videos are working and others are not. I do not have a publicly accessible version of this page to show you unfortunately. I'm not sure how this "Based on the error message, it looks like this may be because your site that displays the Embedder is itself being framed by a different site." would be possible. It's a react app and I am including it like so
      ```<iframe
      frameBorder={0}
      src={`${video}?raw=1&autoplay=1`}
      height="480px"
      width="640px"
      title="Resource Video"
      allowFullScreen
      />```

      the video link is the same link you would use to share it, however I strip out the query args from that share url. So the url ends up being the share url minus the original ?dl=0 or whatever else is included, and then I add raw=1&autoplay=1

       

      Again, this works for some videos with 0 change in setup, except that the link changes. There's no discernable difference between the videos. If you wanted to take this chat to email so this isn't publicly viewable I could send you the resource links.

      • Greg-DB's avatar
        Greg-DB
        Icon for Dropbox Staff rankDropbox Staff

        Thanks for following up. I was looking at the reference to the "frame-ancestors" directive in the error message in particular which relates to if/how frame parents are allowed.

         

        It would be helpful to inspect this directly, so please do open a ticket here so you can share privately.

About Discuss Dropbox Developer & API

Node avatar for Discuss Dropbox Developer & API
Make connections with other developers804 PostsLatest Activity: 2 hours ago
217 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!