summaryrefslogtreecommitdiffstats
path: root/src/invidious.cr
diff options
context:
space:
mode:
Diffstat (limited to 'src/invidious.cr')
-rw-r--r--src/invidious.cr1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/invidious.cr b/src/invidious.cr
index c4ca9c08..cdf64696 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -197,6 +197,7 @@ before_all do |env|
extra_media_csp = ""
if CONFIG.disabled?("local") || !preferences.local
extra_media_csp += " https://*.googlevideo.com:443"
+ extra_media_csp += " https://*.youtube.com:443"
end
# TODO: Remove style-src's 'unsafe-inline', requires to remove all inline styles (<style> [..] </style>, style=" [..] ")
env.response.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; manifest-src 'self'; media-src 'self' blob:#{extra_media_csp}"
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-17 22:55:16 +0000