github.com/forem/selfhost/blob/mai... I tracked down where this is set in self-hosted forem instances, you might try adjusting the /opt/forem/configs/traefik/dynamic.toml file's security headers to have ReferrerPolicy="strict-origin-when-cross-origin" (which is default and what we send in local development) and restarting traefik.
I'm not sure what the security implications of this are, but I suspect this resolves the issue you are seeing with embedding videos via the youtube liquid tag.
DEV.to sends strict-origin-when-cross-origin for this header (so some forem seems to use it just fine and youtube image embedding works correctly).
I'll talk this over with our internal teams to see what the reasoning behind the stricter configuration was here.
Thank you digging into this Daniel! My Forem setup is part of the cloud offering so I wont be able to make these changes on my own, however I will be chatting with the Community Success team this week so I will bring this up with them as well.
Im hoping it will be possible for you and the team to set a less restrictive referrer policy if that is the only method of solving for this issue. Glad I got to learn that the error is not being caused by the video owner directly restricting embed access. Thanks again for the break down!
For further actions, you may consider blocking this person and/or reporting abuse
github.com/forem/selfhost/blob/mai... I tracked down where this is set in self-hosted forem instances, you might try adjusting the /opt/forem/configs/traefik/dynamic.toml file's security headers to have ReferrerPolicy="strict-origin-when-cross-origin" (which is default and what we send in local development) and restarting traefik.
I'm not sure what the security implications of this are, but I suspect this resolves the issue you are seeing with embedding videos via the youtube liquid tag.
DEV.to sends
strict-origin-when-cross-originfor this header (so some forem seems to use it just fine and youtube image embedding works correctly).I'll talk this over with our internal teams to see what the reasoning behind the stricter configuration was here.
Thank you digging into this Daniel! My Forem setup is part of the cloud offering so I wont be able to make these changes on my own, however I will be chatting with the Community Success team this week so I will bring this up with them as well.
Im hoping it will be possible for you and the team to set a less restrictive referrer policy if that is the only method of solving for this issue. Glad I got to learn that the error is not being caused by the video owner directly restricting embed access. Thanks again for the break down!