Embedded iframe link to video doesn't work for some videos.

lisarosado

in chrome the console error is:

Refused to frame 'https://www.dropbox.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".

in firefox error on page:

Firefox Can’t Open This Page

To protect your security, www.dropbox.com will not allow Firefox to display the page if another site has embedded it. To see this page, you need to open it in a new window.

all domains have been added to app setting: Chooser / Saver / Embedder domains

no external domains have changed.

I have checked that the sharing permissions between videos that do work and videos that don't work are the same. There is no other obvious difference between the working/non working videos.

Greg-DB

Based on the error message, it looks like this may be because your site that displays the Embedder is itself being framed by a different site.

Do you have a sample page showing this issue that you can share so we can take a look into this for you?

lisarosado

Hmm that wouldn't make sense if some videos are working and others are not. I do not have a publicly accessible version of this page to show you unfortunately. I'm not sure how this "Based on the error message, it looks like this may be because your site that displays the Embedder is itself being framed by a different site." would be possible. It's a react app and I am including it like so
```<iframe
frameBorder={0}
src={`${video}?raw=1&autoplay=1`}
height="480px"
width="640px"
title="Resource Video"
allowFullScreen
/>```

the video link is the same link you would use to share it, however I strip out the query args from that share url. So the url ends up being the share url minus the original ?dl=0 or whatever else is included, and then I add raw=1&autoplay=1

Again, this works for some videos with 0 change in setup, except that the link changes. There's no discernable difference between the videos. If you wanted to take this chat to email so this isn't publicly viewable I could send you the resource links.

Greg-DB

Thanks for following up. I was looking at the reference to the "frame-ancestors" directive in the error message in particular which relates to if/how frame parents are allowed.

It would be helpful to inspect this directly, so please do open a ticket here so you can share privately.

Здравко

@lisarosado wrote:
...
the video link is the same link you would use to share it, however I strip out the query args from that share url. So the url ends up being the share url minus the original ?dl=0 or whatever else is included, and then I add raw=1&autoplay=1
...

Hi @lisarosado,

Can you take a look once again on the sets of link that work and the other that don't work? Is, by any chance, the only difference between the two groups availability of rlkey link parameter? 🧐

If so, that's the reason. It's never good idea to 'strip out query args'! If you need to change/replace particular parameter, just do it; without messing the others. 😉

Good luck.

Greg-DB

Здравко is correct, the URL parameters may vary slightly for different links for different items, and can be important for how these get embedded, so you should not be stripping these from the links.

Regardless, I see your support ticket has been received so we'll review the details there and follow up with you soon.

Embedded iframe link to video doesn't work for some videos.

Embedded iframe link to video doesn't work for some videos.

Top contributors to this post