0

In PrestaShop I'm using a module which embeds a YouTube video like:

<iframe width="560" height="315" frameborder="0" iv_load_policy="3" fs="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="" data-src="https://youtube.com/embed/VIDEO_ID?rel=0&amp;controls=0&amp;showinfo=0&amp;modestbranding=1"></iframe>

Everything seems to work / the video is playing - but in the browser console I see the following error:

Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://youtube.com') does not match the recipient window's origin ('https://OUR_DOMAIN').

After I have spend a lot of time googling and reading through all similar issues here at SOO this issue is not about CORS or similar. Most people who report this issue claim it's due to how the YouTube video is loaded incl. params etc... I have tried multiple things - but I have not succeeded to remove this error. I hope you guys have a way to resolve this here in 2022.

PabloDK
  • 2,181
  • 2
  • 19
  • 42

1 Answers1

-2

Probably you may consider adding XFrame-options as url youtube.com for your website.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Bobby Thomas
  • 91
  • 6
  • The question is about displaying YouTube in an iframe. If `X-Frame-Options` could help, then it would require changing the headers returned by YouTube, which the OP won't have access to. `X-Frame-Options` can't help here because the problem isn't that the document isn't displayed inside the frame, but that the JS it runs is trying to work cross-origin in a non-compatible way. Additionally, as per the blue box on the page you link to, `X-Frame-Options` has been obsoleted by CSPs. – Quentin Sep 30 '22 at 19:46