Skip to main content
User Community Portal
Solved

Want to add CSP Nonce Attribute to STYLE tag which is getting added for video players

  • September 19, 2024
  • 1 reply
  • 97 views

Forum|alt.badge.img

On click of video play button, STYLE tag is getting added specific to that player in HEAD tag of our page.
Our requirement is to add a CSP Nonce Attribute to that STYLE tags generated by player (example js path: //players.brightcove.net/5807743125001/FHM4NjmJvQ_default/index.min.js).

Please let us know how we can add new CSP Nonce attribute.

Thanks,
Satish

Best answer by Perla Olivas

Hi @Satish Kolli,

Thank you for sharing your question on Bright Spot!

Responding to your question I would like to refer to the following public documentation: https://studio.support.brightcove.com/general/architecture/domains-and-ports-must-be-accessible-video-cloud.html#:~:text=list%20may%20change.-,Content%20security%20policies,-Brightcove%27s%20current%20set

In it you will find the section “Content Security Policy”, you will likely need to add in the other domains serving up the various content-types on your website, along with ours to allow for your web elements.

default-src 'self';
  script-src 'self' players.brightcove.net vjs.zencdn.net;
  connect-src 'self' *.boltdns.net players.brightcove.net edge.api.brightcove.com *.akamaihd.net *.brightcovecdn.com;
  img-src 'self' players.brightcove.net *.boltdns.net *.akamaihd.net *.brightcove.com *.brightcovecdn.com;
  style-src 'self' players.brightcove.net 'unsafe-inline' ;
  frame-src 'self' players.brightcove.net;
  media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; 
  font-src  'self' data: players.brightcove.net 'unsafe-inline';
  worker-src blob:;

Best,

 

View original
Did this topic help you find an answer to your question?

1 reply

Perla Olivas
Forum|alt.badge.img
  • Employee
  • 52 replies
  • Answer
  • September 30, 2024

Hi @Satish Kolli,

Thank you for sharing your question on Bright Spot!

Responding to your question I would like to refer to the following public documentation: https://studio.support.brightcove.com/general/architecture/domains-and-ports-must-be-accessible-video-cloud.html#:~:text=list%20may%20change.-,Content%20security%20policies,-Brightcove%27s%20current%20set

In it you will find the section “Content Security Policy”, you will likely need to add in the other domains serving up the various content-types on your website, along with ours to allow for your web elements.

default-src 'self';
  script-src 'self' players.brightcove.net vjs.zencdn.net;
  connect-src 'self' *.boltdns.net players.brightcove.net edge.api.brightcove.com *.akamaihd.net *.brightcovecdn.com;
  img-src 'self' players.brightcove.net *.boltdns.net *.akamaihd.net *.brightcove.com *.brightcovecdn.com;
  style-src 'self' players.brightcove.net 'unsafe-inline' ;
  frame-src 'self' players.brightcove.net;
  media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; 
  font-src  'self' data: players.brightcove.net 'unsafe-inline';
  worker-src blob:;

Best,

 


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings