Skip to main content
User Community Portal

On click of video play button, STYLE tag is getting added specific to that player in HEAD tag of our page.
Our requirement is to add a CSP Nonce Attribute to that STYLE tags generated by player (example js path: //players.brightcove.net/5807743125001/FHM4NjmJvQ_default/index.min.js).

Please let us know how we can add new CSP Nonce attribute.

Thanks,
Satish

Hi @Satish Kolli,

Thank you for sharing your question on Bright Spot!

Responding to your question I would like to refer to the following public documentation: https://studio.support.brightcove.com/general/architecture/domains-and-ports-must-be-accessible-video-cloud.html#:~:text=list%20may%20change.-,Content%20security%20policies,-Brightcove%27s%20current%20set

In it you will find the section “Content Security Policy”, you will likely need to add in the other domains serving up the various content-types on your website, along with ours to allow for your web elements.

default-src 'self';
script-src 'self' players.brightcove.net vjs.zencdn.net;
connect-src 'self' *.boltdns.net players.brightcove.net edge.api.brightcove.com *.akamaihd.net *.brightcovecdn.com;
img-src 'self' players.brightcove.net *.boltdns.net *.akamaihd.net *.brightcove.com *.brightcovecdn.com;
style-src 'self' players.brightcove.net 'unsafe-inline' ;
frame-src 'self' players.brightcove.net;
media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com;
font-src 'self' data: players.brightcove.net 'unsafe-inline';
worker-src blob:;

Best,

 


Reply