[xExtension-YouTube] Add referrer policy to iframe in extension.php

[QrchackOfficial]

Hi,

I've been seeing Error 153 / Video player configuration error just like reported here:
https://forum.obsidian.md/t/youtube-video-embed-does-not-work-video-player-configuration-error/103181

Added referrer policy as taken from youtube embed iframe via share button on youtube.com, seems to be working nicely.

Additionally, it seems to work just fine with width/height set directly on the iframe element, no need to duplicate with inline style - this is not in the PR, but observed and tested.

[Alkarex]

Ping @Inverle

[Frenzie]

With CSS you can do things like set an aspect ratio (but I'm not quite sure what the point of the code is as written).

[Inverle]

Indeed that seems to be the cause (referrerpolicy)
https://developers.google.com/youtube/iframe_api_reference#onError

But a video can still manage to load without a referrer after a few iframe reloads, which is strange.

[Inverle]

Additionally, it seems to work just fine with width/height set directly on the iframe element, no need to duplicate with inline style

Yes the style attribute is also redundant due to CSP, but it was put there for some reason.
It would be good to remove it since it's spamming the console log with errors:

Content-Security-Policy: The page’s settings blocked an inline style (style-src-attr) from being applied because it violates the following directive: “default-src 'self'”

[QrchackOfficial]

Thanks guys!

[abodnar]

I'm still running into this even after updating my extension to the latest code. I've checked the rendered html and it has the referrerpolicy="strict-origin-when-cross-origin" in the iframe.

Is there anything else that could be causing this to happen? or I can provide to help with debugging?

[QrchackOfficial]

I believe this only affects newly fetched entries, you can try deleting and updating from the feed settings to confirm.

Example working iframe render from my feed:

<iframe class="youtube-plugin-video" style="height: 630px; width: 1120px;" width="1120" height="630" src="https://www.youtube.com/embed/h0CMIQSPXeI" frameborder="0" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen=""></iframe>

Switching between youtube.com and youtube-nocookie.com in dev tools confirms both domains should work

[Inverle]

Is there anything else that could be causing this to happen? or I can provide to help with debugging?

Look at the Network tab in DevTools (F12) and see in the youtube iframe request if your browser is sending a Referer header.
It's possible YT is doing something else too though (refreshing the iframe a few times may work or not)

I believe this only affects newly fetched entries, you can try deleting and updating from the feed settings to confirm.

No, the entry_before_display hook is called on each render. See: https://freshrss.github.io/FreshRSS/en/developers/03_Backend/05_Extensions.html

[abodnar]

Look at the Network tab in DevTools (F12) and see in the youtube iframe request if your browser is sending a Referer header.
It's possible YT is doing something else too though (refreshing the iframe a few times may work or not)

Looks like Safari does not sender a referrer header.

I tried this in Chrome and it did work correctly and did send the header.