I met this issue while playing livestream with hls.js on Edge.
Refused to load media from 'blob:https://www.liveshopping.gr/2b272e11-375a-408d-8e25-9aa2111a1732' because it violates the following Content Security Policy directive: "media-src *". Note that '*' matches only URLs with network schemes ('http', 'https', 'ws', 'wss'), or URLs whose scheme matches `self`'s scheme. The scheme 'blob:' must be added explicitly.
The domain of my website is
www.liveshopping.grand livestreams are from
stream.liveshopping.gr
Even though I have added CSP in general settings of nopcommerce and the meta tag did appear in our web page, but it didn't work on Edge, I don't know if it should configure something on IIS. By the way, without this meta, livestreams feature of our website can play on Firefox, but FF will show CSP warning logs.
This is my meta tag:
<meta http-equiv="Content-Security-Policy" content="default-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; media-src * self 'unsafe-inline' 'unsafe-eval' blob: data: gap:;">
Thanks you very much.