Rohit Singh

Reputation: 18192

How to whitelist the Youtube domain in Cordova?

I am using in my Cordova application. But YouTube videos in iframes do not load. When I click on the Play button, the video does not play and I am getting a bunch of errors. I see similar questions but the solutions provided there do not work for me. How do I fix this?

This is how it looks on Android phones


Here is how I am using iframe in HTML

<iframe width='320' height='180' 
   src='https://www.youtube.com/embed/C0DPdy98e4c?autoplay=1' 
   frameborder='1' 
   allowfullscreen allow='accelerometer; autoplay; encrypted-media; gyroscope; 
   picture-in-picture; fullscreen'>
</iframe>

Content Security Policy in HTML

 <meta http-equiv="Content-Security-Policy" 
      content="default-src 'self';
      data: gap: https://ssl.gstatic.com 'unsafe-eval';
      style-src 'self' 'unsafe-inline';
      media-src *;
      img-src 'self' data: content:;
      frame-src https://www.youtube.com;">

My config.xml

<?xml version='1.0' encoding='utf-8'?>
<widget id="io.cordova.hellocordova" version="1.0.0" 
     xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
<feature name="Whitelist">
    <param name="android-package" value="org.apache.cordova.whitelist.WhitelistPlugin" />
    <param name="onload" value="true" />
</feature>
<name>HelloCordova</name>
<description>
    A sample Apache Cordova application that responds to the deviceready event.
</description>
<author email="[email protected]" href="http://cordova.io">
    Apache Cordova Team
</author>
<content src="index.html" />
<allow-navigation href="https://www.youtube.com/*"/>
<allow-navigation href="data:*" />
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
<allow-intent href="tel:*" />
<allow-intent href="sms:*" />
<allow-intent href="mailto:*" />
<allow-intent href="geo:*" />
<allow-intent href="market:*" />
<preference name="loglevel" value="DEBUG" />
</widget>

Errors:

2022-09-11 12:47:26.175 5078-5932/io.cordova.hellocordova W/SystemWebViewClient: URL blocked by whitelist: https://googleads.g.doubleclick.net/pagead/id
2022-09-11 12:47:26.189 5078-5932/io.cordova.hellocordova W/SystemWebViewClient: URL blocked by whitelist: https://static.doubleclick.net/instream/ad_status.js
2022-09-11 12:47:26.205 5078-5078/io.cordova.hellocordova I/chromium: [INFO:CONSOLE(7)] "Access to XMLHttpRequest at 'https://googleads.g.doubleclick.net/pagead/id' from origin 'https://www.youtube.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.", source: https://www.youtube.com/embed/C0DPdy98e4c?autoplay=1 (7)
2022-09-11 12:47:26.264 5078-5930/io.cordova.hellocordova W/SystemWebViewClient: URL blocked by whitelist: https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
2022-09-11 12:47:26.298 5078-5932/io.cordova.hellocordova W/SystemWebViewClient: URL blocked by whitelist: https://www.google.com/js/th/PzKwASpP14dcK-4xI3W8wlArk1PaCxVzsebnznhuyzw.js
2022-09-11 12:47:26.380 5078-5930/io.cordova.hellocordova W/SystemWebViewClient: URL blocked by whitelist: https://yt3.ggpht.com/ytc/AMLnZu8nn6pHKRfEKrkfeeohdYrQ1W4OJI6toSqTVjYQNGM=s68-c-k-c0x00ffffff-no-rj
2022-09-11 12:47:26.382 5078-5930/io.cordova.hellocordova W/SystemWebViewClient: URL blocked by whitelist: https://i.ytimg.com/vi/C0DPdy98e4c/hqdefault.jpg
2022-09-11 12:47:26.432 5078-5078/io.cordova.hellocordova I/chromium: [INFO:CONSOLE(0)] "Access to XMLHttpRequest at 'https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create' from origin 'https://www.youtube.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.", source: https://www.youtube.com/embed/C0DPdy98e4c?autoplay=1 (0)
2022-09-11 12:47:27.437 5078-5932/io.cordova.hellocordova W/SystemWebViewClient: URL blocked by whitelist: https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
2022-09-11 12:47:27.452 5078-5078/io.cordova.hellocordova I/chromium: [INFO:CONSOLE(0)] "Access to XMLHttpRequest at 'https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create' from origin

Upvotes: 0

Views: 369

Answers (1)

Eric

Reputation: 10626

You seem to be missing some domains, try

  <meta http-equiv="Content-Security-Policy" content="
  default-src  data: gap: 'unsafe-eval' 'self' https://ssl.gstatic.com https://googleads.g.doubleclick.net https://jnn-pa.googleapis.com;
  style-src 'self' 'unsafe-inline';
  media-src *;
  img-src 'self' data: content:;
  frame-src https://www.youtube.com;
  ">

Upvotes: 1
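
An added example, not part of the question or the answer: a small Node.js script that pulls the origins out of the `URL blocked by whitelist` lines in the log above and prints one exact-host `<access origin>` entry per origin, so each can be reviewed before it goes into config.xml. It assumes those lines come from Cordova's native whitelist rather than from the CSP meta tag; the function names are hypothetical and the sample log is constructed from the question's log lines.

```javascript
// Added example (not from the question or answer). Assumption: the
// "URL blocked by whitelist" lines come from Cordova's native whitelist.
const BLOCKED = /SystemWebViewClient: URL blocked by whitelist: (\S+)/;

// Return the sorted, de-duplicated https origins of every blocked request.
function blockedOrigins(logText) {
  const origins = new Set();
  for (const line of logText.split(/\r?\n/)) {
    const m = BLOCKED.exec(line);
    if (!m) continue; // console/CORS messages and lines with no URL are skipped
    let url;
    try {
      url = new URL(m[1]);
    } catch {
      continue; // not a parseable absolute URL
    }
    if (url.protocol !== 'https:') continue; // do not propose cleartext origins
    origins.add(url.origin);
  }
  return [...origins].sort();
}

// Render one config.xml entry per origin: exact host, no wildcard.
function accessEntries(origins) {
  return origins.map((o) => `<access origin="${o}" />`);
}

// Constructed sample: entries from the question's log, one per line, plus a
// CORS console message (shortened) and an entry whose URL wrapped away.
const P = '5078-5932/io.cordova.hellocordova W/SystemWebViewClient: URL blocked by whitelist:';
const SAMPLE_LOG = [
  `2022-09-11 12:47:26.175 ${P} https://googleads.g.doubleclick.net/pagead/id`,
  `2022-09-11 12:47:26.189 ${P} https://static.doubleclick.net/instream/ad_status.js`,
  `2022-09-11 12:47:26.205 5078-5078/io.cordova.hellocordova I/chromium: [INFO:CONSOLE(7)] "Access to XMLHttpRequest at 'https://googleads.g.doubleclick.net/pagead/id' from origin 'https://www.youtube.com' has been blocked by CORS policy"`,
  `2022-09-11 12:47:26.264 ${P} https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create`,
  `2022-09-11 12:47:26.380 ${P}`,
  `2022-09-11 12:47:26.382 ${P} https://i.ytimg.com/vi/C0DPdy98e4c/hqdefault.jpg`,
  `2022-09-11 12:47:27.437 ${P} https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create`,
].join('\n');

console.log(accessEntries(blockedOrigins(SAMPLE_LOG)).join('\n'));
```

Listing exact origins keeps the allowlist narrower than `<access origin="*" />`.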
