Content Security Policy (CSP) is a website-level security protocol, and this article assumes you’re already familiar with managing a CSP on your website. For more general information on what CSP is and how it works, here are some great references:
Our developers have composed a handy example of a Content Security Policy that allows for Wistia playback and functionality:
The best way to get started with making your CSP Wistia-friendly is to look over this example and implement all of the Wistia-specific rules we include. Those rules enable your CSP to allow the Wistia player to do everything it needs for playback, stats, and any other functionality.
One of the nice features of CSP is clear error reporting. If you are noticing issues with Wistia embeds or playback on a site with CSP, the first place to look is the browser console in the developer tools. CSP will generally call out the specific CSP directive that is being violated, and list everything included in that directive. Take a look at this error and check it against our CSP example on Glitch for any rules that might be missing.
There is also a Report-Only mode in CSP which allows you to identify potential CSP conflicts on the site without actually breaking anything. Similar to the recommendation above, it will print descriptive errors to the browser console without enforcing the policy and potentially breaking video playback. This option is a great tool for newly implementing a CSP on your website that already has Wistia videos, without the risk of unexpected playback issues.
If you’ve followed our example and tips above, and you’re still seeing issues with CSP & Wistia videos, feel free to email email@example.com and we can take a look at the website. We’ll do our best to investigate the errors and make some suggestions for getting things to work properly.