I have a field where users can upload a video file. When I grab the URL to that video from the API and play it in Firefox, everything plays just fine. When I try to play it in Chrome, I get the following error:

Refused to load media from 'https://url/to/my/video.mp4?’ because it violates the following Content Security Policy directive: “default-src ‘none’”. Note that ‘media-src’ was not explicitly set, so ‘default-src’ is used as a fallback.

(url intentionally obfuscated)