From 1d334e4d95d67f5264b9612fb3a2bc801fa1ed1a Mon Sep 17 00:00:00 2001 From: CodeDevMLH <145071728+CodeDevMLH@users.noreply.github.com> Date: Thu, 5 Mar 2026 02:00:54 +0100 Subject: [PATCH] Add YouTube no-cookie host and referrer policy for iframe security --- .../Web/mediaBarEnhanced.js | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/Jellyfin.Plugin.MediaBarEnhanced/Web/mediaBarEnhanced.js b/Jellyfin.Plugin.MediaBarEnhanced/Web/mediaBarEnhanced.js index c1d9819..0384813 100644 --- a/Jellyfin.Plugin.MediaBarEnhanced/Web/mediaBarEnhanced.js +++ b/Jellyfin.Plugin.MediaBarEnhanced/Web/mediaBarEnhanced.js @@ -744,6 +744,7 @@ const SlideUtils = { height: '100%', width: '100%', videoId: videoId, + host: 'https://www.youtube-nocookie.com', playerVars: { autoplay: 1, controls: 1, @@ -751,8 +752,15 @@ const SlideUtils = { rel: 0, playsinline: 1, origin: window.location.origin, - widget_referrer: window.location.href, enablejsapi: 1 + }, + events: { + 'onReady': (event) => { + const iframe = event.target.getIframe(); + if (iframe) { + iframe.setAttribute('referrerpolicy', 'strict-origin-when-cross-origin'); + } + } } }); }); @@ -1751,7 +1759,6 @@ const SlideCreator = { loop: 0, playsinline: 1, origin: window.location.origin, - widget_referrer: window.location.href, enablejsapi: 1 }; @@ -1784,9 +1791,15 @@ const SlideCreator = { height: '100%', width: '100%', videoId: videoId, + host: 'https://www.youtube-nocookie.com', playerVars: playerVars, events: { 'onReady': (event) => { + const iframe = event.target.getIframe(); + if (iframe) { + iframe.setAttribute('referrerpolicy', 'strict-origin-when-cross-origin'); + } + // Store start/end time and videoId for later use event.target._startTime = playerVars.start || 0; event.target._endTime = playerVars.end || undefined;