Skip to main content
User Community Portal
Video Cloud Studio Support Portal Documentation Marketplace
Solved

Want to add CSP Nonce Attribute to STYLE tag which is getting added for video players

  • September 19, 2024
  • 1 reply
  • 97 views
S
Forum|alt.badge.img

On click of video play button, STYLE tag is getting added specific to that player in HEAD tag of our page.
Our requirement is to add a CSP Nonce Attribute to that STYLE tags generated by player (example js path: //players.brightcove.net/5807743125001/FHM4NjmJvQ_default/index.min.js).

Please let us know how we can add new CSP Nonce attribute.

Thanks,
Satish

Best answer by Perla Olivas

Hi @Satish Kolli,

Thank you for sharing your question on Bright Spot!

Responding to your question I would like to refer to the following public documentation: https://studio.support.brightcove.com/general/architecture/domains-and-ports-must-be-accessible-video-cloud.html#:~:text=list%20may%20change.-,Content%20security%20policies,-Brightcove%27s%20current%20set

In it you will find the section “Content Security Policy”, you will likely need to add in the other domains serving up the various content-types on your website, along with ours to allow for your web elements.

default-src 'self';
  script-src 'self' players.brightcove.net vjs.zencdn.net;
  connect-src 'self' *.boltdns.net players.brightcove.net edge.api.brightcove.com *.akamaihd.net *.brightcovecdn.com;
  img-src 'self' players.brightcove.net *.boltdns.net *.akamaihd.net *.brightcove.com *.brightcovecdn.com;
  style-src 'self' players.brightcove.net 'unsafe-inline' ;
  frame-src 'self' players.brightcove.net;
  media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; 
  font-src  'self' data: players.brightcove.net 'unsafe-inline';
  worker-src blob:;

Best,

 

View original
Did this topic help you find an answer to your question?

1 reply

Perla Olivas
Forum|alt.badge.img
  • Perla Olivas
  • Employee
  • 52 replies
  • Answer
  • September 30, 2024

Hi @Satish Kolli,

Thank you for sharing your question on Bright Spot!

Responding to your question I would like to refer to the following public documentation: https://studio.support.brightcove.com/general/architecture/domains-and-ports-must-be-accessible-video-cloud.html#:~:text=list%20may%20change.-,Content%20security%20policies,-Brightcove%27s%20current%20set

In it you will find the section “Content Security Policy”, you will likely need to add in the other domains serving up the various content-types on your website, along with ours to allow for your web elements.

default-src 'self';
  script-src 'self' players.brightcove.net vjs.zencdn.net;
  connect-src 'self' *.boltdns.net players.brightcove.net edge.api.brightcove.com *.akamaihd.net *.brightcovecdn.com;
  img-src 'self' players.brightcove.net *.boltdns.net *.akamaihd.net *.brightcove.com *.brightcovecdn.com;
  style-src 'self' players.brightcove.net 'unsafe-inline' ;
  frame-src 'self' players.brightcove.net;
  media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; 
  font-src  'self' data: players.brightcove.net 'unsafe-inline';
  worker-src blob:;

Best,

 

Perla Olivas

Reply


Most helpful members this week

Terms of UseCookie settings
Community Guidelines Privacy Policy Share Feedback Brightcove.com

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings