I have NGINX running as a reverse proxy and set the Feature-Policy header with fullscreen to "self". The site itself contains the HTML5 video player, but unless I set fullscreen to "*" the fullscreen button on the video player is disabled. What could cause it to be disabled when set to "self" (or origin for that matter)?
Here's the Feature-Policy (so far, because I noticed there are still a few more I could add):
add_header Feature-Policy "
accelerometer none;
ambient-light-sensor none;
autoplay self;
camera none;
document-write none;
encrypted-media self;
fullscreen self;
geolocation none;
gyroscope none;
layout-animations self;
lazyload self;
legacy-image-formats self;
magnetometer none;
microphone none;
midi none;
notifications none;
oversized-images self;
payment none;
picture-in-picture self;
push none;
speaker self;
sync-script none;
sync-xhr none;
unoptimized-images self;
unsized-media self;
usb none;
vertical-scroll self;
vibrate none;
vr none;";
And here's an example of a video player:
<video playsinline controls autoplay preload="auto">
<source src="/stream/364a42a508d89886d277f779dafb51b7" type="video/mp4">
</video>
There's no added JavaScript or anything.
UPDATE:
The video URL is a stream and not the actual video file, but it is still served locally. Other features that don't work: picture in picture and click to pause/play (only with the actual button).
