Hi Observable friends,
I noticed that the main iframe for the rendered cell output has the following
sandbox="allow-scripts allow-popups allow-forms allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation"
It seems that this breaks video playback in the Wistia player (disclosure: I work there), as seen in this notebook: https://beta.observablehq.com/@mrdavidjcole/testing-observable-with-some-wistia-stuff.
I think that’s because Wistia, in most cases, delivers video using hls.js, which uses Media Source Extensions – and Media Source Extensions doesn’t play nice with that restriction. It appears to be struggling to construct the URL for the video’s
src attribute. See the
null in the error message:
Not allowed to load local resource: blob:null/e0de54c8-b258-4a5a-abb3-4a39c11088c6
After a little experimentation in Glitch, I found that including
allow-same-origin in the
sandbox attribute makes things work.
Would you be down to include that in the iframe’s sandbox attribute? If not, it’d be super helpful if you could help me understand why.