From b140d98e7c3690b9dab25ebddfb1f96308017d75 Mon Sep 17 00:00:00 2001 From: Simon Hyll Date: Tue, 21 May 2024 05:09:42 +0200 Subject: [PATCH] fix: allow youtube embed --- astro.config.mjs | 2 +- public/_headers | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/astro.config.mjs b/astro.config.mjs index 8e89a5619..93c770e32 100644 --- a/astro.config.mjs +++ b/astro.config.mjs @@ -115,7 +115,7 @@ export default defineConfig({ }, { tag: 'meta', - attrs: { 'http-equiv': 'Content-Security-Policy', content: "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src self data: http: https:; script-src self 'unsafe-inline' 'unsafe-eval'; script-src-elem self 'unsafe-inline' 'unsafe-eval' http:; worker-src 'self' data:;" }, + attrs: { 'http-equiv': 'Content-Security-Policy', content: "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src self data: http: https:; script-src self 'unsafe-inline' 'unsafe-eval'; script-src-elem self 'unsafe-inline' 'unsafe-eval' http:; worker-src 'self' data:; frame-src 'self' https://www.youtube-nocookie.com" }, }, ], editLink: { diff --git a/public/_headers b/public/_headers index de2a7be73..893239fcd 100644 --- a/public/_headers +++ b/public/_headers @@ -2,4 +2,4 @@ X-Frame-Options: DENY X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff - Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src self data: http: https:; script-src self 'unsafe-inline' 'unsafe-eval'; script-src-elem self 'unsafe-inline' 'unsafe-eval' http:; worker-src 'self' data:; + Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src self data: http: https:; script-src self 'unsafe-inline' 'unsafe-eval'; script-src-elem self 'unsafe-inline' 'unsafe-eval' http:; worker-src 'self' data:; frame-src 'self' https://www.youtube-nocookie.com;