3

I'm trying to embed a youtube video in my next.js web app. Everything works fine from the "functional" point of view, however Chrome highlight the following issue related to cookies (NOTICE: I'm already using the no-cookie url version, as you will see in the link of the iframe):

Indicate whether a cookie is intended to be set in a cross-site context by specifying its
SameSite attribute

I understand the underlying problem: youtube is trying to set a cookie and since it is a cross-origin request the browser raise an issue. However, I want to understand how to solve the problem using next.

Just to give further information I'm using nginx as webserver and pm2 to run nextjs server-side.

This is the iframe:

       <iframe
            className="relative left-1/2 -translate-x-1/2 h-60 2xs:h-80 xs:h-96 lg:h-100 w-full sm:w-2/3"
            src="https://www.youtube-nocookie.com/embed/s563j8bP6eE"
            title="YouTube video player"
            frameBorder={"0"}
            allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
            allowFullScreen />

CLARIFICATIONS: The purpose of this question is NOT to ask how can I disable cookies warnings (which is explained in a different answer like this one: link), but instead I want to ask if there was a way to configure Youtube FramerAPI to avoid the issue.

Update:

I've managed to deploy my application on a server (with HTTPS) and it doesn't raise any issue. The issue might be related to local development without HTTPS.

AndreaCostanzo1
  • 1,799
  • 1
  • 12
  • 30
  • 2
    That's not a problem you can solve from your end at all, YouTube would have to add the SameSite attribute on their end when they are setting that cookie. – CBroe Sep 01 '21 at 13:22
  • Well, that's sure, but can I (for instance) prevent youtube from setting cookies in any way? – AndreaCostanzo1 Sep 01 '21 at 13:25
  • 1
    Only if YT offered any additional parameters for that (which to my knowledge, they don't - using the nocookie domain is already the maximum you can get in that regard, the remaining cookies are considered technically necessary.) But _why_ even? Just because Chrome indicates this as a _potential_ issue, doesn't necessarily mean it absolutely needs fixing. – CBroe Sep 01 '21 at 13:36
  • It actually blocks the video on the server. I'm reading documentation, maybe I find something that I missed – AndreaCostanzo1 Sep 01 '21 at 13:39
  • 1
    https://stackoverflow.com/a/58414166/11613622 – brc-dd Sep 01 '21 at 13:56
  • I don't want to modify the security of my browser. The video should be made available to every user – AndreaCostanzo1 Sep 01 '21 at 13:59
  • @AndreaCostanzo1 That's not the answer I linked to said. It said that this needs to be done on YT's side. – brc-dd Sep 01 '21 at 14:02
  • @brc-dd Sorry, It loaded the wrong answer – AndreaCostanzo1 Sep 01 '21 at 14:03

0 Answers0