Playables SDK Test Suite
Stay organized with collections
Save and categorize content based on your preferences.
Go to the SDK Test Suite
When your game is served on YouTube, it includes a Content Security Policy
response header as an added layer of security.
This limits the kinds of sources Playables can depend on and the kinds of
network requests that can be made from Playables. To minimize issues with
certification and improve the integration process, override the HTTP response
headers for your index.html file when testing locally to catch CSP violations
as early as possible.
You can follow this article to set up local overrides in Chrome.
Once you have your overrides setup for your locally served game, use the
following string to override the Content-Security-Policy header:
default-src 'none'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.youtube.com/game_api/v0 https://www.youtube.com/game_api/v0/ https://www.youtube.com/game_api/v1 https://www.youtube.com/game_api/v1/; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' blob: data:; media-src 'self' blob:; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' blob: data:; sandbox allow-pointer-lock allow-same-origin allow-scripts; base-uri 'self'; manifest-src 'self'; worker-src 'self' blob:
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-05-29 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-29 UTC."],[[["Test your game's HTTP response headers locally to ensure compatibility with YouTube's Content Security Policy for added security."],["Override the `Content-Security-Policy` header when testing locally to identify and resolve potential CSP violations early in development."],["Use the provided string to precisely mimic the Content Security Policy enforced by YouTube when serving your Playable, ensuring seamless integration."],["Refer to Chrome DevTools documentation for guidance on setting up local overrides to modify HTTP response headers during testing."]]],["Testing Playables on YouTube involves managing the Content Security Policy (CSP) header, which restricts resource access and network requests for security. To avoid certification issues, locally override the HTTP response headers. Use Chrome's local override feature, referencing the provided article for setup. Apply the given `Content-Security-Policy` string to the header to test your locally served game. This allows for early detection of CSP violations during the integration process.\n"]]
