I have NGINX running as a reverse proxy and set the Feature-Policy header with fullscreen to “self”. The site itself contains the HTML5 video player, but unless I set fullscreen to “*” the fullscreen button on the video player is disabled. What could cause it to be disabled when set to “self” (or origin for that matter)?
Here’s the Feature-Policy (so far, because I noticed there are still a few more I could add):
add_header Feature-Policy " accelerometer none; ambient-light-sensor none; autoplay self; camera none; document-write none; encrypted-media self; fullscreen self; geolocation none; gyroscope none; layout-animations self; lazyload self; legacy-image-formats self; magnetometer none; microphone none; midi none; notifications none; oversized-images self; payment none; picture-in-picture self; push none; speaker self; sync-script none; sync-xhr none; unoptimized-images self; unsized-media self; usb none; vertical-scroll self; vibrate none; vr none;";
And here’s an example of a video player:
<video playsinline controls autoplay preload="auto"> <source src="https://serverfault.com/stream/364a42a508d89886d277f779dafb51b7" type="video/mp4"> </video>