Description
Describe the bug
When attempting to load a video background from an external source (https://cdn.akamai.steamstatic.com), the browser blocks it due to the current Content Security Policy.
Refused to load media from 'https://cdn.akamai.steamstatic.com/steamcommunity/public/images/items/251110/d331cc0c1d371e3d15af8a6c9a225f87e4cd6124.mp4' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'media-src' was not explicitly set, so 'default-src' is used as a fallback.
Steps to reproduce
- Load a board with a background pointing to an external .mp4.
- Observe the video not loading in the background.
- Check browser console for CSP violation.
Impact
Medium, as it affects UX but not functionality
Additional information
No response
Version
1.23.0
Installation method
Docker Compose
Browser
Brave
Metadata
Metadata
Assignees
Labels
Type
Projects
Status
Done