DFS 10.4.0 - Video playback failed because of Content Security Policy (CSP)

If you experience that you cannot play video in the Content editor or the Asset browser and you see an error message in the DEV console (F12) that says something like this:

Then a Content Security Policy (CSP) has been added to the page header and the iframe’s src is not allowed in the policy. You have to add the digizuite dam url to the policy in order for video and audio to play.

Out of the box Sitecore has added this CPS to Sitecore 9.3 and newer. Open the we.config of you site and locate the following scetion:

<location path="sitecore"> <system.webServer> <httpProtocol> <customHeaders> <remove name="X-Content-Type-Options" /> <remove name="X-XSS-Protection" /> <remove name="Content-Security-Policy" /> <add name="X-XSS-Protection" value="1; mode=block" /> <add name="X-Content-Type-Options" value="nosniff " /> <add name="Content-Security-Policy" value="default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net; img-src 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content;" /> </customHeaders> </httpProtocol> </system.webServer> </location>

Add the digizuite DAM url to the Content-Security-Policy. Like this.

frame-src 'self' 'unsafe-inline' https://[DAM URL];