[
https://issues.apache.org/jira/browse/CB-11025?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15283514#comment-15283514
]
Daniel Rossi commented on CB-11025:
-----------------------------------
Hi guys. In cordova it adds a default content security tag. Safari lacks the
new "child-src" option that is where it was broken. frame-src seems to override
the default-src so it breaks the gap:// iframe.
You need something like this so add the youtube url into the default-src.
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data:
gap: https://ssl.gstatic.com https://www.youtube.com 'unsafe-eval'; style-src
'self' 'unsafe-inline'; media-src *; script-src 'self' 'unsafe-eval'
https://yourdomain.com https://www.youtube.com https://s.ytimg.com; img-src
'self' https://i.ytimg.com;";>
It is working for me especially with the inline options
<preference name="AllowInlineMediaPlayback" value="true"/>
<preference name="MediaPlaybackRequiresUserAction" value="false"/>
<preference name="MediaPlaybackAllowsAirPlay" value="true"/>
> YouTube API failing on iOS
> --------------------------
>
> Key: CB-11025
> URL: https://issues.apache.org/jira/browse/CB-11025
> Project: Apache Cordova
> Issue Type: Bug
> Components: iOS
> Affects Versions: 6.0.0
> Reporter: Andrew Busch
> Labels: triaged
>
> When I inject a YouTube {{<iframe>}} and absorb it with a YT.Player object,
> the YouTube video does not load and I get the following message in the
> browser JavaScript console:
> {{Unable to post message to https://www.youtube.com. Recipient has origin
> file://.}}
> I've tried the exact same code with Cordova 5.4.1 and it works, but fails for
> both 6.0.0 and 6.1.1. Issue is restricted to iOS.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
