Follow

If you're an instance admin please double-check the CSP headers you've set in nginx if you have any, because you might be bricking the embedding functionality.

@Gargron

is it okay if I re-boost this a couple more times later to get it visible again repeatedly? (presuming it doesn't, like, explode everywhere out of people trying to be helpful and spread it around and all)

@sydneyfalk Yes, you don't have to ask me for permission for that

@Gargron

just figured it'd be polite, wanted to be sure <3

^_^ trying to be helpful, not obnoxious, that's all

@Gargron On #Friendica we use a local proxy feature for OEmbed, so that it's on the same domain as the node.

Ex: friendica.mrpetovan.com/oembed

Where aHR0cHM6Ly90d2l0dGVyLmNvbS9ldmVyeWRheWxvdWllL3N0YXR1cy85Mzg4MDc1MzA1MTU0MTUwNDA= simply is the base64 encode of the target URL.

@Gargron i've been using this forever:

add_header Content-Security-Policy "style-src 'self' 'unsafe-inline'; script-src 'self'; object-src 'self'; img-src data: https:; media-src data: https:; connect-src 'self' wss://awoo.space; upgrade-insecure-requests";

@vahnj @Gargron is this settings ok to allow embedded Youtube ? I can't find the right setting to allow that...

Sign in to participate in the conversation
Mastodon

Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!