I also faced this issue, and the most reliable workaround I found was to create a proxy route through my own domain — this avoids direct embedding from restricted origins (like file:// or non-HTTPS contexts).

On the website, I added a specific route to embed YouTube videos, and then used that route inside my app or webview instead of embedding YouTube directly. This way, the video loads securely over HTTPS from my domain, bypassing the platform restriction.

Workaround steps

1. Create a route on your website, e.g. /video or /embed.

2. Make that route accept a ?id= parameter for the YouTube video ID.

3. In that route, generate the YouTube <iframe> using the received ID (e.g. https://www.youtube.com/embed/${id}).

4. Ensure your domain allows CORS or iframe embedding from your app’s origin.

5. In your app, embed your own route (e.g. https://yourdomain.com/embed?id=XXXX) instead of the raw YouTube URL.

Cloudflare Worker version (recommended for flexibility)

If you don’t want to modify your main backend, you can handle this entirely with a Cloudflare Worker: