author | Sebastian Pech <spech@spech.de> | 2020-10-22 08:41:20 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-22 08:41:20 +0300 |
commit | efcd13f17868d4e76a1c6bd65c5bd476dfd38052 (patch) | |
tree | 4108e1f8cd6259826b536c16a227aa636b00ee97 | |
parent | 519e0401ee33db1294ec7238be0a1d203df95016 (diff) |
Add youtube/youtube-nocookie to csp
-rw-r--r-- | static/.htaccess | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/static/.htaccess b/static/.htaccess
index c2a3615..36870ec 100644
--- a/static/.htaccess
+++ b/static/.htaccess
@@ -29,7 +29,7 @@ Header append X-Content-Type-Options: nosniff
 # Content Security Policy
 # Don't implement the above policy yet; instead just report violations that would have occured
 # Header set Content-Security-Policy-Report-Only: "default-src https: 'unsafe-eval' 'unsafe-inline' data:; img-src * data:; object-src 'none'; frame-src 'self' *.google.de google.de *.google.com google.com; font-src * https: data:; frame-ancestors 'self';"
-Header set Content-Security-Policy: "default-src https: 'unsafe-eval' 'unsafe-inline' data:; img-src * data:; object-src 'none'; frame-src 'self' *.google.de google.de *.google.com google.com; font-src * data:; frame-ancestors 'self';"
+Header set Content-Security-Policy: "default-src https: 'unsafe-eval' 'unsafe-inline' data:; img-src * data:; object-src 'none'; frame-src 'self' *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.google.de google.de *.google.com google.com; font-src * data:; frame-ancestors 'self';"
 # Active GZIP compression
 <IfModule mod_deflate.c> |
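Review bot: The new `frame-src` entries allow every subdomain of both video hosts (`*.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com`), which is broader than embedding needs; if the site only uses the standard player URLs, `https://www.youtube.com https://www.youtube-nocookie.com` would be enough and would also pin the scheme. `frame-src` is one of the few directives in this policy that still restricts anything, since `default-src https: 'unsafe-eval' 'unsafe-inline' data:` leaves scripts effectively unrestricted, so it is worth keeping tight. The commented-out `Content-Security-Policy-Report-Only` line just above was not updated and now differs from the enforced policy; either mirror the change there or add a comment such as `# Report-Only variant is stale; keep in sync with the enforced header below`.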