diff options
| author | Sebastian Pech <spech@spech.de> | 2020-10-22 08:41:25 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-10-22 08:41:25 +0300 |
| commit | 4a27a11c18129c4e328ed15a114957da245eb0d4 (patch) | |
| tree | aa46619db475da3a3fc4e89eb58d62dfc93d9790 | |
| parent | 9d9346c2b1a8ec70e75661c16c9522ab9b6359c9 (diff) | |
Add youtube/youtube-nocookie to csp
| -rw-r--r-- | static/.htaccess | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/static/.htaccess b/static/.htaccess index c2a3615..36870ec 100644 --- a/static/.htaccess +++ b/static/.htaccess @@ -29,7 +29,7 @@ Header append X-Content-Type-Options: nosniff # Content Security Policy # Don't implement the above policy yet; instead just report violations that would have occured # Header set Content-Security-Policy-Report-Only: "default-src https: 'unsafe-eval' 'unsafe-inline' data:; img-src * data:; object-src 'none'; frame-src 'self' *.google.de google.de *.google.com google.com; font-src * https: data:; frame-ancestors 'self';" -Header set Content-Security-Policy: "default-src https: 'unsafe-eval' 'unsafe-inline' data:; img-src * data:; object-src 'none'; frame-src 'self' *.google.de google.de *.google.com google.com; font-src * data:; frame-ancestors 'self';" +Header set Content-Security-Policy: "default-src https: 'unsafe-eval' 'unsafe-inline' data:; img-src * data:; object-src 'none'; frame-src 'self' *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.google.de google.de *.google.com google.com; font-src * data:; frame-ancestors 'self';" # Active GZIP compression <IfModule mod_deflate.c> |