If a teacher creates a folder of videos for a course and does not set the Force download option, students are not able to directly view the videos in Chrome by clicking on the video links. They simply see a small window containing a blank video icon. 

If you open the developer tools and inspect the console output for that window you see the cause, namely:

        Refused to load media from ... because it violates the following Content Security Policy directive: "media-src 'none'".

The reason is that the page header in <moodlehome>/mod/folder/lib.php is set by the line

    header("Content-Security-Policy: default-src 'none'; img-src 'self'");

So images can be viewed directly but videos cannot. Forcing students to download videos and play them on their own machine greatly reduces the accessibility of the videos.

The videos do however play directly in Firefox, which appears not to respect the security policy in this particular case. 

To reproduce, proceed as follows using the Chrome browser:

1.  Navigate into any course and turn on editing
2. Add an activity -> folder
3. Drag an mp4 video into the folder contents
4. Turn off Force download
5. Save and display the folder
6. Click on the link to the video in the folder.

Expected result: the video should play in the browser.

Actual result: an empty video player icon is displayed.