We are trying to use the video player on a KaiOS phone and we are facing some issue due to the restriction that are imposed by this OS. In fact few rules related to the CSP restrictions, prevent the video player to be executed on the firefox browser installed in this device. In particular R4 and R5 listed below are not respected. :
eval()function is not allowed.
Function()class to build a function from as character string is not allowed.
setIntervalfunction with a character string is not allowed.
Do you try to run the player within a "native" app, or just open a web page?
The above restrictions are more or less related to the native apps.
some details about the KaiOS restriction can be found here:
Specific page about KaiOS :
This page says application manifest can have a CSP field, but
The default policies applied to Firefox OS privileged and internal/certified apps are as follows:
- Privileged CSP
default-src *; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'
- Certified/Internal CSP
default-src *; script-src 'self'; object-src 'none'; style-src 'self'
These defaults can’t be overridden,only added to, i.e.the CSP policy in the manifest can only make the actual CSP applied more restrictivein the case of privileged/internal apps.
Well, KaiOS is quite new your are right but it is growing quite fast. you can refer to this news for example
We will try to provide you the information you have requested.
KaiOS is not so popular, so we do not have plans to provide special support for it. Being an HTML5 compliant, Firefox should support the playback with our player.
Do you have some special CSP headers in your http responses?
The MDN docs says:
'unsafe-eval' source expression controls several script execution methods that create code from strings. If
'unsafe-eval' isn't specified with the
script-srcdirective, the following methods are blocked and won't have any effect:
window.setTimeout("alert(\"Hello World!\");", 500);
window.execScript(IE < 11 only)
Can you share a test page or at least a full list of the http response headers?