We're trying to get Webtorrent to work with Pone 5.
We already modified permissions for HTML filtering and the like, so that other javascript, embedded videos, etc. work fine.
But it appears there is some further tweaking necessary to get Webtorrent to be allowed to run.
We are getting the following error from the embedded code:
[Report Only] Refused to load the script 'https://cdn.jsdelivr.net/webtorrent/latest/webtorrent.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'".
Ah nevermind, it is probably this issue: "The Content Security Policy (CSP) is a powerful mechanism to prevent Cross Site Scripting (XSS) attacks on web sites which accounts for the majority of all security vulnerabilities.
I'm pretty sure an error like that is due to your own proxy server's defined security policies. Plone does not OOTB, define any security policies for loading scripts.
The current policy you seem to have in place is safe but sounds like it's too restrictive for your use-case.
You can try placing that file in your theme/site and loading from there or checking your configuration. If you share your domain, someone here can tell you what header is causing it.
Okay. It was Nginx getting in the way. I've been running on Apache for so long, and only recently been running into actually using Nginx, so didn't know its quirks.
We'll try setting up webtorrent again later this week, and see if it works with the changes.
Thanks!