Embedded stream Iframe blocked by firefox

my config

Yunohost 11.1.18 (stable)
Owncast v0.0.13~ynh4
VPS Hetzner CX 31 (8Go RAM 2 vCPU intel)
Interface admin + SSH

the problem

I try to embed my stream with the iframe code but she’s blocked by firefox. Another iframe, from peertube for example, works perfectly.
Do have you an idea ?

the code is :

  height="350px" width="550px"


Probably related to : yunohost/security.conf.inc at dev · YunoHost/yunohost · GitHub

Thanks for your answer. There is something that I can do to make it work ?

according to this

How to Implement CSP frame-ancestors in Apache, Nginx and WordPress?

you have to add

add_header Content-Security-Policy “frame-ancestors ‘yoursite.com’ ‘example.com’;”;

in nginx config
hope this helps, good luck

Thanks for your answer !
I try to add the line on a new file.conf into subdomain nginx folder but it doesn’t work. I also try to delete the line in the security.conf.inc (more_set_headers “X-Frame-Options : SAMEORIGIN”:wink: but it doesn’t work either. (I restarted nginx after changes).

I don’t understand why

hmm, in digiscreen you don’t have to inject the iframe code, but just give the link.
in wordpress, don´t use the embed block, but “individual html” block to inject iframe code.
works for me, without fiddling with nginx.

I use static website with html/css :wink: So I put the code directly into the page code

you can add

more_set_headers “Content-Security-Policy: frame-ancestors ‘self’ https://example.com”;



i think this frame-ancestor overrides the x-frame-option, so do not comment it out.
i hope this works for you, good luck

Thanks for your help. It doesn’t work…

In the code you gave me, I try to add the domain where I host the stream, the domain where I want to iframe the player and https://*.example.com. But nothing works… (I have restarted NGINX after every change)

sorry, seems not skilled enough to help. @Aleks or @tituspijean will know what to do.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.