From 1e10b1393118c766611d134e2e0bb1e7eee78960 Mon Sep 17 00:00:00 2001
From: Jason I
Date: Mon, 22 Jan 2024 11:32:07 -0800
Subject: [PATCH] chore: add youtube to frame-src CSP
---
 static/.ic-assets.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/static/.ic-assets.json b/static/.ic-assets.json
index 85cc7b29dc..c6e204ad68 100644
--- a/static/.ic-assets.json
+++ b/static/.ic-assets.json
@@ -7,7 +7,7 @@
 "match": "**/*",
 "allow_raw_access": true,
 "headers": {
- "Content-Security-Policy": "default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://internetcomputer.matomo.cloud https://cdn.matomo.cloud https://widget.kapa.ai https://www.google.com https://www.gstatic.com;connect-src 'self' https://*.ic0.app https://ic0.app https://icp0.io https://*.icp0.io https://internetcomputer.matomo.cloud https://cdn.matomo.cloud ic-api.internetcomputer.org mxzaz-hqaaa-aaaar-qaada-cai.raw.ic0.app https://data.jsdelivr.com https://cdn.jsdelivr.net https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app;img-src 'self' data: https:;style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';font-src * data:;object-src https://www.youtube.com;base-uri 'self';frame-src https://motoko.agorapp.dev https://www.google.com https://internetcomputer.matomo.cloud;frame-ancestors https://internetcomputer.matomo.cloud;form-action 'self' https://dfinity.us16.list-manage.com https://internetcomputer.org;upgrade-insecure-requests;",
+ "Content-Security-Policy": "default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://internetcomputer.matomo.cloud https://cdn.matomo.cloud https://widget.kapa.ai https://www.google.com https://www.gstatic.com;connect-src 'self' https://*.ic0.app https://ic0.app https://icp0.io https://*.icp0.io https://internetcomputer.matomo.cloud https://cdn.matomo.cloud ic-api.internetcomputer.org mxzaz-hqaaa-aaaar-qaada-cai.raw.ic0.app https://data.jsdelivr.com https://cdn.jsdelivr.net https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app;img-src 'self' data: https:;style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';font-src * data:;object-src 'none';base-uri 'self';frame-src https://motoko.agorapp.dev https://www.google.com https://internetcomputer.matomo.cloud https://www.youtube.com;frame-ancestors https://internetcomputer.matomo.cloud;form-action 'self' https://dfinity.us16.list-manage.com https://internetcomputer.org;upgrade-insecure-requests;",
 "X-Frame-Options": "DENY",
 "Referrer-Policy": "same-origin",
 "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
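Review bot: Any page that still embeds YouTube through `<object>` or `<embed>` is blocked by the new `object-src 'none'`, yet the subject mentions only the frame-src addition; confirm no such embeds remain and name the tightening in the message, e.g. `chore: allow youtube in frame-src, set object-src 'none'`. The policy sits under `"match": "**/*"`, so every served asset may now frame `https://www.youtube.com`, not only the pages that carry video; if the embeds can use the privacy-enhanced host, `https://www.youtube-nocookie.com` would be the narrower entry. The same line still carries `'unsafe-inline'` and `'unsafe-eval'` in script-src, which leaves the policy with little value against script injection; that predates this commit but deserves a follow-up. The `headers` object continues past the end of the hunk, so the remaining response headers were not reviewed here.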