Test HTTP response headers
When your game is served on YouTube, it includes a Content Security Policy response header as an added layer of security. This limits the kinds of sources Playables can depend on and the kinds of network requests that can be made from Playables. To minimize issues with certification and improve the integration process, override the HTTP response headers for your index.html file when testing locally to catch CSP violations as early as possible.
You can follow this article to set up local overrides in Chrome.
Once you have your overrides set up for your locally served game, use the following string to override the Content-Security-Policy header:
default-src 'none'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.youtube.com/game_api/v0 https://www.youtube.com/game_api/v0/ https://www.youtube.com/game_api/v1 https://www.youtube.com/game_api/v1/; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' blob: data:; media-src 'self' blob:; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' blob: data:; sandbox allow-pointer-lock allow-same-origin allow-scripts; base-uri 'self'; manifest-src 'self'; worker-src 'self' blob:
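To see ahead of time which of a game's requests this policy would block, the following added example (not part of the original page or any YouTube tooling) parses the string above and checks URLs against it. The function names and the https://game.example origin are hypothetical, and the matching is simplified: no wildcards, nonces or hashes, and a missing directive falls back directly to default-src.

```javascript
// Added example; the origin and URLs used with it are constructed placeholders.
// Simplified matching: no wildcards, nonces or hashes; fallback goes straight to default-src.
const PLAYABLES_CSP = "default-src 'none'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.youtube.com/game_api/v0 https://www.youtube.com/game_api/v0/ https://www.youtube.com/game_api/v1 https://www.youtube.com/game_api/v1/; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' blob: data:; media-src 'self' blob:; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' blob: data:; sandbox allow-pointer-lock allow-same-origin allow-scripts; base-uri 'self'; manifest-src 'self'; worker-src 'self' blob:";

// Split the header into a Map of directive name -> source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored, as browsers do.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Does one source expression allow this URL when the page is served from `self`?
function sourceMatches(source, url, self) {
  // 'self' compares scheme, host and port, so blob: and data: URLs never match it.
  if (source === "'self'") return url.protocol === self.protocol && url.host === self.host;
  if (source.startsWith("'")) return false; // 'none', 'unsafe-inline', ... match no URL
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const allowed = new URL(source); // host-source with a scheme, as used in this policy
  if (url.protocol !== allowed.protocol || url.host !== allowed.host) return false;
  // A path ending in "/" is a prefix; any other path must match exactly.
  return allowed.pathname.endsWith('/')
    ? url.pathname.startsWith(allowed.pathname)
    : url.pathname === allowed.pathname;
}

// Would the policy let `directive` (e.g. "connect-src") load `ref` for a game at `selfOrigin`?
function isAllowed(directive, ref, selfOrigin, policy = PLAYABLES_CSP) {
  const directives = parseCsp(policy);
  const sources = directives.get(directive) ?? directives.get('default-src');
  if (!sources) return true; // no directive and no default-src: nothing restricts this fetch
  const self = new URL(selfOrigin);
  const url = new URL(ref, self); // resolves relative references against the game origin
  return sources.some((source) => sourceMatches(source, url, self));
}

// Return the [directive, url] pairs from a game's request list that the policy would block.
function findViolations(requests, selfOrigin) {
  return requests.filter(([directive, ref]) => !isAllowed(directive, ref, selfOrigin));
}
```

This is a pre-check only: the DevTools override remains the real test, since the browser also enforces the sandbox directive and the inline and eval rules that this sketch does not model.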