Videoly Knowledge

Contact us

Adjusting Content Security Policy (CSP)

Stop your browser from blocking Videoly and YouTube requests

If your online store is using CSP, then we recommend adding the sources listed below to your Content Security Policies. 

This avoids browsers blocking all requests from Videoly and YouTube.

  • default-src: 'unsafe-inline' *.videoly.co *.youtube-nocookie.com *.youtube.com *.ytimg.com *.wistia.com *.wistia.net *.videoly.net
  • img-src: data: *.ytimg.com *.wistia.com *.wistia.net *.videoly.co
  • media-src: data:

Source "data" is needed, because the widget and YouTube's player have inline imaged embedded to avoid network requests.

💡Additional:

  • If you defined script-src rule, you should add:

*.videoly.co *.youtube-nocookie.com *.youtube.com *.ytimg.com *.wistia.com *.wistia.net *.videoly.net

  • If you defined frame-src rule, you should add: 

*.youtube-nocookie.com *.videoly.net

  • If you defined connect-src rule, you should add: 

*.videoly.co

 

 

These two options only apply when additional rules are defined.
 

Was this article helpful?

Related Articles

How to install Videoly in Shopify (video)

Watch this short video guide by our sales engineer Beza, to get you up set up wit...

Launching Videoly in a testing environment

Testing, development or staging environments allow you to test how the Videoly wi...

How to position the widget on your product page

By default, the Videoly widget’s position is defined by the Videoly team. We reco...

Creating invisible placeholders for product information and widget location

The default configuration of the widget is typically set up by the Videoly team. ...