Skip to main content

On click of video play button, STYLE tag is getting added specific to that player in HEAD tag of our page.
Our requirement is to add a CSP Nonce Attribute to that STYLE tags generated by player (example js path: //players.brightcove.net/5807743125001/FHM4NjmJvQ_default/index.min.js).

Please let us know how we can add new CSP Nonce attribute.

Thanks,
Satish

Hi @Satish Kolli,

Thank you for sharing your question on Bright Spot!

Responding to your question I would like to refer to the following public documentation: https://studio.support.brightcove.com/general/architecture/domains-and-ports-must-be-accessible-video-cloud.html#:~:text=list%20may%20change.-,Content%20security%20policies,-Brightcove%27s%20current%20set

In it you will find the section “Content Security Policy”, you will likely need to add in the other domains serving up the various content-types on your website, along with ours to allow for your web elements.

default-src 'self';
script-src 'self' players.brightcove.net vjs.zencdn.net;
connect-src 'self' *.boltdns.net players.brightcove.net edge.api.brightcove.com *.akamaihd.net *.brightcovecdn.com;
img-src 'self' players.brightcove.net *.boltdns.net *.akamaihd.net *.brightcove.com *.brightcovecdn.com;
style-src 'self' players.brightcove.net 'unsafe-inline' ;
frame-src 'self' players.brightcove.net;
media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com;
font-src 'self' data: players.brightcove.net 'unsafe-inline';
worker-src blob:;

Best,

 


Reply