From 4a27a11c18129c4e328ed15a114957da245eb0d4 Mon Sep 17 00:00:00 2001
From: Sebastian Pech <spech@spech.de>
Date: Thu, 22 Oct 2020 07:41:25 +0200
Subject: Add youtube/youtube-nocookie to csp

---
 static/.htaccess | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/static/.htaccess b/static/.htaccess
index c2a3615..36870ec 100644
--- a/static/.htaccess
+++ b/static/.htaccess
@@ -29,7 +29,7 @@ Header append X-Content-Type-Options: nosniff
 # Content Security Policy
 # Don't implement the above policy yet; instead just report violations that would have occured
 # Header set Content-Security-Policy-Report-Only: "default-src https: 'unsafe-eval' 'unsafe-inline' data:; img-src * data:; object-src 'none'; frame-src 'self' *.google.de google.de *.google.com google.com; font-src * https: data:; frame-ancestors 'self';"
-Header set Content-Security-Policy: "default-src https: 'unsafe-eval' 'unsafe-inline' data:; img-src * data:; object-src 'none'; frame-src 'self' *.google.de google.de *.google.com google.com; font-src * data:; frame-ancestors 'self';"
+Header set Content-Security-Policy: "default-src https: 'unsafe-eval' 'unsafe-inline' data:; img-src * data:; object-src 'none'; frame-src 'self' *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.google.de google.de *.google.com google.com; font-src * data:; frame-ancestors 'self';"
 
 # Active GZIP compression
 <IfModule mod_deflate.c>
-- 
cgit v1.2.3