I am receiving a couple of non-critical error messages when using YouTube's Player API inside of a Google Chrome Extension under v2.
I have the following definitions in my content_security_policy:
"content_security_policy":
"script-src 'self' https://www.youtube.com/player_api https://s.ytimg.com/yt/jsbin/www-widgetapi-vfl9Ni0ki.js; object-src 'self'"
The first reference, player_api, has a dependency on the widgetapi. This is clear if you navigate to the player_api url and look at its contents:
if (!window['YT']) {var YT = {};}if (!YT.Player) {(function(){var s = 'https:' + '//s.ytimg.com/yt/jsbin/www-widgetapi-vflU5wlSl.js';var a = document.createElement('script');a.src = s;a.async = true;var b = document.getElementsByTagName('script')[0];b.parentNode.insertBefore(a, b);YT.embed_template = "\u003ciframe width=\"425\" height=\"344\" src=\"\" frameborder=\"0\" allowfullscreen\u003e\u003c\/iframe\u003e";})();}
That's all well and good. My content security policy works and YouTube videos load successfully. However, behind the scenes, I see a lot of warnings:
It is my understanding that the message "Unsafe JavaScript attempt to access frame with URL..." is unable to be removed or hidden. If anyone knows of a way to suppress this message, I would be very interested!
I do not have any understanding about the "Unable to post message to ..." error, though. A quick Google turns up a few people experiencing similiar issues, but I did not see any resolution. The widgetAPI is all minified -- making it hard to see what's actually going on.
Am I supposed to be receiving these errors? Is there a way to alleviate the errors? Or even suppress them (since they don't seem to actually break anything)?
Unable to post message to http://www.youtube.com is resolved by wrapping the YTPlayer instantiation code with a $(window).load() instead of a $(document).ready.
Uncaught TypeError: Cannot call method 'apply' of null is resolved by providing functions for onReady, onStateChange, and onError. You cannot provide null for one of these callbacks.
I believe the "Unsafe JavaScript attempt..." message is due to this bug in Chrome/Chromium:
http://code.google.com/p/chromium/issues/detail?id=17325
.. which prevents catching this exception while testing for direct cross-domain communication.
It's safe to ignore that message, but (until that bug gets fixed) there is no way to avoid those warnings.
The other questions have already been answered.