I am not able to load a video on my site which I am trying to load from Google Cloud:
In my Node.js server, I have the following to redirect the URL, after checking for its match:
if (url == "targetUrl") { //the URL I am trying to match
res.writeHead(301, {
Location: 'https://storage.googleapis.com/myCloudFolder/someVideo.mp4'
}).end();
}
My Content Security Policy for media-src is set in the header as:
"media-src 'self' https://storage.googleapis.com/myCloudFolder blob:;
I get the following errors in the browser’s console when the video is loaded:
Refused to load media from '<URL>' because it violates the following Content Security Policy directive: "media-src 'self' <URL> blob:".
abc.def.com/:1 Refused to load media from 'https://storage.googleapis.com/myCloudFolder/someVideo.mp4'
because it violates the following Content Security Policy directive:
"media-src 'self' http://storage.googleapis.com/myCloudFolder blob:".
On the video element itself, the error displayed is:
The media could not be loaded, either because the server or network failed or because the format is not supported.
In the media-src, I tried by dropping the scheme (https://) as well as by using http, but the error persists.
My question is: What should I set the media-src to, to load the video from https://storage.googleapis.com/myCloudFolder
>Solution :
Your content-security policy should be
media-src 'self' https://storage.googleapis.com/myCloudFolder/ blob:
The trailing slash after myCloudFolder is needed to match all files in that folder. Without the trailing slash only the exact path is matched. See here.