I think that’s because Wistia, in most cases, delivers video using hls.js, which uses Media Source Extensions – and Media Source Extensions doesn’t play nice with that restriction. It appears to be struggling to construct the URL for the video’s src attribute. See the null in the error message:
Not allowed to load local resource: blob:null/e0de54c8-b258-4a5a-abb3-4a39c11088c6
We can’t add allow-same-origin to our sandbox attribute, because it would allow cookies, localStorage and sessionStorage to be shared (or interfered with) across notebooks. They’re all hosted on observableusercontent.com.
For example, if you embedded a video in a notebook that sets a cookie containing tracking information about what video you played — a completely unrelated notebook could then read that cookie information out later.
We’ve got some thoughts about potential ways to ease the sandboxing restrictions further, but we’re not ready to make a change quite yet.
Thanks @jashkenas! I’ll see if we can find a way to detect this sort of thing from our end and (if we can do that) fall back to an alternative playback strategy.
Thanks for the explanation @jashkenas — Lack of allow-same-origin seems to prevent me from using OAuth to Google APIs (like this working example in Codepen), so if there are ways to safely ease the restrictions in the future, that would be much appreciated!
Is this why no video embed codes seem to work? I’ve tried youtube & vimeo but no luck. The best I get is to display the interface (vimeo) - youtube has only a black rectangle.
We just added custom origins for notebook content, so you can now embed videos from Wistia, YouTube, Vimeo, and so on, and they should work like a charm. The top example from this post works, and here are some other examples of embeds working.
