Hi,


I want to Apply Content Security Policy for one of my application, but I am getting below error while loading a video file onto one of our page:

Content Security Policy: The page’s settings blocked the loading of a resource at blob:https://mywebsitename.com/ced672a9-1e52-4bd2-b20b-20e6a011e19b (“child-src”).


Details:

Actually, I have a Azure Media Player, on this screen and I am loading a video file from Amazon Cloud storage.


I have tried setting all the properties in CSP:

Base-uri,Child-src,Connect-src,Default-src,Font-src,Img-src,Media-src,Object-src,Plugin-types,Script-src,Style-src,Frame-ancestors,Report-to

But it did not help.


It would be great if anyone could guide me in this regards,


Regards,

Hemlata 

Hello Hemlata Nerurkar

Just to verify have you also set the child-src to 'self' as well ?

and some browsers will still block blobs from being loaded even if self is allowed. 


Then you will need to set a additional attribute of blob:


additionally the use of the child-src is being depracted and is being replaced by the frame-src directive. And that one needs to be identical to your child-src at least for this purpose.

However you can still use it.


With kind regards,


Michael