View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0003580HTML & PERLBug Report - Interfacepublic2025-03-18 22:012025-04-01 16:45
ReporterGurkenmaster Assigned To 
PrioritynormalSeveritytrivialReproducibilityalways
Status newResolutionopen 
Summary0003580: Content Security Policy blocks youtube embeds frames in the AniDB Forum
Description800646#c500573:340 Refused to frame 'https://www.youtube-nocookie.com/' because it violates the following Content Security Policy directive: "frame-src 'self' hcaptcha.com *.hcaptcha.com".

800646#c500573:341 Refused to frame 'https://www.youtube-nocookie.com/' because it violates the following Content Security Policy directive: "frame-src 'self' hcaptcha.com *.hcaptcha.com".

800646#c500573:757 Refused to frame 'https://www.youtube-nocookie.com/' because it violates the following Content Security Policy directive: "frame-src 'self' hcaptcha.com *.hcaptcha.com".
Steps To ReproduceJust go to https://anidb.net/forum/thread/801501#c500424 and try to play the video.

Additional InformationThe current content security policy is

content-security-policy:
default-src 'none'; connect-src 'self' hcaptcha.com *.hcaptcha.com; font-src *.anidb.net; form-action 'self'; img-src * data:; script-src 'self' *.anidb.net hcaptcha.com *.hcaptcha.com; style-src 'self' hcaptcha.com *.hcaptcha.com 'unsafe-inline' *; child-src kiwiirc.com *.youtube-nocookie.com www.google.com/recaptcha/; frame-ancestors 'self'; base-uri 'self'; manifest-src *.anidb.net; frame-src 'self' hcaptcha.com *.hcaptcha.com;

It should be more like this:

content-security-policy:
default-src 'none'; connect-src 'self' hcaptcha.com *.hcaptcha.com; font-src *.anidb.net; form-action 'self'; img-src * data:; script-src 'self' *.anidb.net hcaptcha.com *.hcaptcha.com; style-src 'self' hcaptcha.com *.hcaptcha.com 'unsafe-inline' *; child-src kiwiirc.com *.youtube-nocookie.com www.google.com/recaptcha/; frame-ancestors 'self'; base-uri 'self'; manifest-src *.anidb.net; frame-src 'self' hcaptcha.com *.hcaptcha.com www.youtube-nocookie.com;
TagsNo tags attached.

Activities

Gurkenmaster

2025-03-18 22:01

reporter  

Screenshot From 2025-03-18 22-59-04.png (8,973 bytes)   
Screenshot From 2025-03-18 22-59-04.png (8,973 bytes)   

Gurkenmaster

2025-04-01 16:45

reporter   ~0004501

It's fixed. Youtube embeds work again.

Issue History

Date Modified Username Field Change
2025-03-18 22:01 Gurkenmaster New Issue
2025-03-18 22:01 Gurkenmaster File Added: Screenshot From 2025-03-18 22-59-04.png
2025-04-01 16:45 Gurkenmaster Note Added: 0004501