Introduction How to add CSS or JavaScript files to an Android/iOS project How to combat autoplay policies Why does fullscreen not behave as expected on iOS Why does the Network API not work on iOS devices Why does Chromecast not work on iOS Chrome?Why can't I select another video quality on iOS/tvOS?Is YouTube supported Why does the player load only one audio track (even though there are several in the manifest)Is it possible to see 360 degrees photo with THEOplayer Why the Visibility API does not work through an iframe on Safari and IE11 What is an impression How to know whether a live stream is playing Which error related events does the player expose Why did my subtitles stop working How does Media Engagement Index (MEI) affect Autoplay on Chrome What does the error message 'Unknown CDM error' mean What does the error message 'Something went wrong with Native playback' mean Why are not all response headers exposed Why does the currentTime seem off in my livestream & what can I do about it How to remove CORS restrictions from a reproduction stream Which network calls (or requests) does THEOplayer do Why does the playback not work when using the Chrome iPhone/iPad simulator What does the error message 'can only be initiated by a user gesture' imply? Can I still force the desired action How to remove unwanted CC track in iOS or Safari Why do I get a gray play button in my Android WebView and how to remove it?MediaTek limitations How to use ProGuard with THEOplayer Android SDK Self-hosting and versioning of THEOplayer Does THEOplayer support EXT-X-DATERANGE Can clipping be used on a playlist Can timeline thumbnails be made available before playback start What are the benefits of preloading What are the player seeking and seeked events and when are they fired Can we use HLS or DASH ads How to change text in THEOplayer Change text when Airplaying ITP2.1 problems using THEOplayer Removing context menu/'Powered by THEOplayer v2...'What aspects of THEOplayer do we need to take into account to deploy a proper Content Security Policy (CSP)How can we avoid that the player keeps looking for chunks/segments if they are not found Can we show a custom message on 403 on mp4 Can we prevent UpNext feature from redirecting Is it possible to preload VOD content while the pre-roll is playing Why is my video not playing automatically Is it possible to have multiple player instances play at the same time Is it a problem if the viewer pauses a live stream for longer than the DVR window THEOplayer Features & Modules Chromecast on my webplayer does not work any longer despite no change in my implementation How to track network errors What is the support for Wowza How to use the CDN fallback/backup stream feature How to apply accurate buffering strategy How can I distribute 4K content?What is the collaboration between Azure Media Services and THEOplayer Is Portrait mode supported How to prevent screen recording The provided video source is incompatible with the license for this player Page and Source domains What does the error message “Something went wrong determining the initial period of the provided MPEG-DASH stream” mean Why is my PlayReady stream not working in Chromium Edge?Which subtitle and CC formats are supported on native Safari How to navigate through the documentation and resources How to create a (great) ticket How to investigate a ticket What are the limitations of AirPlay What are the Edgio challenges How to use the Media Session API How to use THEOplayer iOS SDK on an M1 mac Widevine CDM deprecation notice for old browser versions

What aspects of THEOplayer do we need to take into account to deploy a proper Content Security Policy (CSP)

The script-src 'self' and 'inline' should be allowed. The player also requires doing calls to *.theoplayer.com and to wherever the JavaScript files and workers are located. Additionally, depending on your active features, you may need to add some other source (e.g.: if you are using Chromecast, you will need to allow https://www.gstatic.com/, as its library is hosted there).

Designed to be fully compatible with browser versions that don’t support it, Content Security Policy (CSP) is an additional layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. Configuring Content Security Policy involves adding the Content-Security-Policy HTTP header to a web page and giving it values to control resources the user agent is allowed to load for that page. (source: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)

When configuring CSP on your pages including THEOplayer, you will need to allow:

*.theoplayer.com, as the license needs to contact this domain
the domain(s) where your JavaScript and worker files are hosted
script-src: 'self' and 'inline'
any domains hosting the libraries related to the features of THEOplayer that you are using. For example, Google IMA, Chromecast, FreeWheel, Youbora, Conviva, etc.

Resources

The following resources provide more information:

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP/

Make sure to follow us on GitHub!

Leuven

New York

Singapore

Barcelona