player.js icon indicating copy to clipboard operation
player.js copied to clipboard
verified publisher icon vimeo

[BUG][CRITICAL] Domain restricted videos play after html page download using 'save as'

Open prabushitha opened this issue 3 years ago • 0 comments

Expected Behavior

Should give an authentication error

Because of its privacy settings, this video cannot be played here.

Actual Behavior

Video can be played by opening the downloaded HTML

Steps to Reproduce

  • Upload a video and set privacy to Specific Domains
  • Embed the video on a valid domain
  • Go to the embedded page in the domain and save the page (right click -> save as)
  • Open the download page from the local computer
  • Although the video is private, embedded video can be played from the downloaded HTML file.

prabushitha avatar Aug 03 '22 09:08 prabushitha