react-player: Error parsing header X-XSS-Protection: 1; When playing youtube videos

This issue popped up sometime between last week and this week which causes issues such as setting the playing=true state does not work and many more. The demo site also gives this error. Here’s the Full text

Error parsing header X-XSS-Protection: 1; mode=block; 
report=https://www.google.com/appserve/security-bugs/log/youtube: insecure reporting URL for 
secure page at character position 22. The default protections will be applied.

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Reactions: 9
  • Comments: 23 (2 by maintainers)

Most upvoted comments

It’s a known bug in current Google Chrome and Chromium: https://bugs.chromium.org/p/chromium/issues/detail?id=807304

In current version of their browser Chrome developers had restricted the X-XSS-Protection’s report field URL to the same domain origin for some security reasons. So, when you embed video with some embed code, at it downloads from another server where the header report=https://www.google.com/ is set, and while your page is not hosted at google.com domain - the error message occurs.

Just wait till they’ll sort this out.

+62
phpony on Feb 12, 2018

Hola, yo también presento ese mis mensaje de error, mientras manipulo la api de youtube o incrusto un video del canal, pero efectivamente este mensaje no afecta la funcionalidad para poder visualizar el video correctamente. Actualmente puedo ver los videos sin problema y utilizar sus funcionalidades.

+5
codigovacio on Feb 28, 2018

after a little more investigation, turns out this is a chrome-specific error. I think the error will go away in the future since this is not the first time that the error pops up.

+5
davidwwu on Dec 4, 2017

+1

+4
eapostol on Feb 9, 2018
Read more comments on GitHub
← omniauth-rails_csrf_protection: token_verifier.rb:34 ActionController::InvalidAuthenticityToken
react-player: Failed to execute 'postMessage' on 'DOMWindow' →