From aa296ff9c39f3e4ab29ff849759177a676351a80 Mon Sep 17 00:00:00 2001
From: Jarold Wong <cwjwong@ucdavis.edu>
Date: Wed, 26 Jun 2024 09:22:44 -0700
Subject: [PATCH] add CSP for YT tutorials

---
 nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nginx.conf b/nginx.conf
index 18a3f1453..1db8fea3f 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -39,7 +39,7 @@ http {
             index  index.html index.htm;
 
             add_header Cache-Control "no-cache";
-            add_header Content-Security-Policy "default-src 'self'; connect-src https://api.ipa.ucdavis.edu https://dw.dss.ucdavis.edu; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com";
+            add_header Content-Security-Policy "default-src 'self'; connect-src https://api.ipa.ucdavis.edu https://dw.dss.ucdavis.edu; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com;";
             add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
             add_header X-Content-Type-Options "nosniff";