About the youtube procedure in scribble-embedding package

Hello Racket friends:
Please, if possible: could you verify** if the youtube procedure in the very useful scribble-embedding package is working fine for you?**

In my installation (Racket v9.1, under Windows 10 and the current version of scribble-embedding package), the following code:

#lang scribble/manual
@require[scribble-embedding]
@title[#:style 'toc-hidden]{Testing @tt{scribble-embedding's} @tt{youtube} procedure}
@(youtube "https://www.youtube.com/embed/y1rOWZkALto")

Generates the following message:

image548×116 6.94 KB

Thank you very much in advance for your support on this issue.
Kind regards,
E. Comer

P. S.
(a) The google-form procedure, is working fine.
(b) As a reference, the youtube procedure (in scribble-embedding package) worked fine when I use it, the years 2022-2025.

Hi,

The problem is the video itself:

image926×386 10.1 KB

/Jens Axel

Interesting!

I pasted the link

https://www.youtube.com/embed/y1rOWZkALto

into youtube and got the error.

But I now see that it works on Discourse.

Does this link work for you?

https://youtu.be/y1rOWZkALto

Thank you @soegaard , for your reply.

The link that you shared: "https://youtu.be/y1rOWZkALto" works fine, directly in my web browser.

I'm using as a reference the documentation for the scribble-embedding package, for example as in the file with link: scribble-embedding/scribblings/doc.scrbl at master · shriram/scribble-embedding · GitHub . Please see line 90 of the code, that corresponds in my local documentation to:

@(youtube " https://www.youtube.com/embed/43XaZEn2aLc ")

The problem is that (in my current installation,) the code above (line 90) generates the Error 153, at the HTML output of the associated scribble file.

Does the above line of code, works fine in your installation, using the scribble-embedding package?

Thank you very much for your support to solve this issue.
EC

The link that you shared: "https://youtu.be/y1rOWZkALto" works fine, directly in my web browser.

Does it work in Scribble too?

If not, do you have a minimal, full Scribble we can use to debug?

Thank you @soegaard . The link "https://youtu.be/y1rOWZkALto" doesn't work under Scribble file:

A minimal Scribble file to produce the Error 153 is:

#lang scribble/manual
@require[scribble-embedding]
@(youtube "https://www.youtube.com/embed/43XaZEn2aLc")

Exploring this issue, I searched for the API changes for embedding a Youtube video, and found that the Error 153 was introduced in July 9, 2025. See the section with link: https://developers.google.com/youtube/iframe_api_reference#Revision_History

It seems that a HTTP Referer is now needed to be able to embed the YouTube Video: see for example the section with link: https://developers.google.com/youtube/terms/required-minimum-functionality#set-the-referer

Thank you again for your support to solve this problem.
Kind regards.
EC

You found the cause:

image1490×296 35.7 KB

This means Shriram needs to add an header.

Make an issue.

Thank you very much @soegaard for the suggestion.

In link: https://github.com/shriram/scribble-embedding/issues/1, you can see the issue created.

Thank you in advance to professor Shriram, for the corresponding update in order to fix this [first] issue. And also for having created in the first place, the very practical and useful scribble-embedding package.

Kind regards.
EC

Unfortunately, this is going to depend on how the scribble doc is served as HTML (i.e. file://, http://, https://) and how the browser handles referrerPolicy. Scribble is not setting a <meta name="referrer" .../> tag so the referrer policy for the generated html will be whatever the browser determines it should be. Actually setting a referrer policy that will work for all schemes is particularly difficult for file:// schemes. Safari seems like it won't ever send a referrer for file:// scheme even when using "unsafe-url". If you are serving this from an http server, then "unsafe-url" works fine and many of the other non-strict referrerPolicy option should also work. From https should also allow for some of the strict options.

There are a couple of ways to set the referrer policy in HTML. First is to add a meta tag to the HTML and second is to add it directly to the iframe. There might be a way to do the first option via scribble, but I'm not sure without more research how to do that. The second option is probably more appropriate for a scribble-embedding fix and would be something along the lines of

diff --git a/main.rkt b/main.rkt
index 4da1b44..133cb3b 100644
--- a/main.rkt
+++ b/main.rkt
@@ -46,6 +46,7 @@
      `(iframe [@ (src ,url)
                 (width ,(number->string width))
                 (height ,(number->string height))
+                 (referrerpolicy "unsafe-url")
                 ,@(if frame-border
                       `((frameborder ,(number->string frame-border)))
                       `())

Actual fix likely won't want to use "unsafe-url", see <iframe>: The Inline Frame element - HTML | MDN for options.

I haven't investigated in detail, but I expect this will indeed be a challenge. Per RFC 9110 § 10.1.3:

The Referer header field has the potential to reveal information about the request context or browsing history of the user, which is a privacy concern … Most general-purpose user agents do not send the Referer header field when the referring resource is a local "file" or "data" URI.

The scribble-embedding package can certainly add a referrerpolicy attribute (maybe origin?) to help when documents are served over HTTP.

Scribble documents are designed to work from file:// URLs, but it is not clear to me if Google wants to support this usecase for YouTube anymore. I found Google documentation on an origin player parameter (which it says to use for SFSafariViewController embedding, which does not set Referer) and a “YouTube Player API Reference for iframe Embeds” (which seems more likely to be relevant than the docs on mobile app embedding), but, in some (non-exhaustive) experiments, I have not found a way to hand-write a HTML file embedding a YouTube video that works when opened through file://.

If you have the rights to this video, you might consider just hosting it yourself. Here is a rough sketch (save https://developer.mozilla.org/shared-assets/videos/flower.webm next to your .scrbl file):

#lang scribble/manual
@; SPDX-License-Identifier: CC0-1.0

@(require scribble/core
          scribble/html-properties
          (only-in xml comment))

@(define (local-video relative-webm)
   (paragraph
    (style #f (list (install-resource relative-webm)
                    (alt-tag "video")
                    (attributes `([controls . "controls"]
                                  [width . "250"]))))
    @elem[
 #:style (style #f (list (alt-tag "p")
                         (xexpr-property
                          `(source ([src ,relative-webm]
                                    [type "video/webm"]))
                          (comment "nothing to inject after fallback"))))]{
 Your browser does not support this embedded video:
 you can @hyperlink[relative-webm]{download it} instead.
 }))

@local-video["flower.webm"]

Advice and patch suggestion from ChatGPT:

Thank you very much @LiberalArtist for this suggestion.
It would be great if in an updated version of scribble-embedding (hopefully soon, for the benefit of all users), your local-video procedure could be included.

Kind regards.

P. S. We hope someone technically proficient on the complexities of this issue (as indicated by @mwblakley and @soegaard), will be able to advance in solving it —may be by working first in the case when the Scribble doc is served as https, or http. Thanks again for your support.

For the record, when I wrote above that “it is not clear to me if Google wants to support this usecase [i.e. file:// urls] for YouTube anymore,” it is not clearly unsupported, either. I did not find any explicit discussion in Google's docs about file:// urls at all.

I have extremely low confidence in the accuracy of LLM output in general, but I wonder if it might have simply regurgitated my tentative conclusion. I didn't get the origin player parameter with the iframe embedding API to work, but I also didn't encounter anything that clearly wouldn't work, and the LLM output didn't discuss that API at all.

(That said, I am not convinced that YouTube's newfound desire for a Referer header is legitimate from a privacy perspective.)

I got ChatGPT to find me the relevant parts of the YouTube documentation.

From Embed videos & playlists - YouTube Help

image1472×658 107 KB

Clicking the "developer documentation" leads to:

My clear impression is that plain file:// without a local file server is not supposed to work.

That the requirement is in the Terms of Service means this is not by accident.

I will not be surprised if the ultimate conclusion is that file:// URLs are no longer supported by YouTube, I just don't think that has been definitively established yet.

The documentation page you linked to says:

The link to discussion of the origin player parameter is what led me to the YouTube Player API Reference for iframe Embeds  |  YouTube IFrame Player API  |  Google for Developers documentation, which seems more applicable anyway to Scribble-generated HTML pages, which hardly constitute an “app.”

I did not, in fact, successfully get anything based on the iframe API documentation working from a file:// url, but I emphasize that I did not try very hard, and I didn't run into any clear dead end with that approach. It's a different situation than with RFC 9110 § 10.1.3, which is fairly conclusive that no Referer policy will be effective for file:// URLs.

That said, all of the focus in the documentation on “app”s and “API client”s does give me the sinking feeling that people at YouTube are not thinking about iframes as fancy links, among the permissionless connections between hypermedia of which the open Web is woven. I just don't want my general feeling of apprehension to be mistaken for definitive knowledge.