From 4615ab880322d4f292172a8e77a394be14068e44 Mon Sep 17 00:00:00 2001
From: samwisekind
Date: Sun, 10 Nov 2024 22:01:12 +0000
Subject: [PATCH] Update CSP headers

---
 next.config.ts | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/next.config.ts b/next.config.ts
index 4813e93..d9ea173 100644
--- a/next.config.ts
+++ b/next.config.ts
@@ -2,17 +2,17 @@
 import type { NextConfig } from 'next';
 import redirects from './redirects.json';
 
-const cspHeader = [
+const CSPHeader = [
   `default-src 'self'`,
-  `script-src 'self' 'unsafe-eval' 'unsafe-inline'`,
+  `script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com`,
   `style-src 'self' 'unsafe-inline'`,
-  `img-src 'self' blob: data:'`,
-  `media-src ctfassets.com`,
+  `img-src 'self' *.ctfassets.net blob: data:'`,
+  `media-src 'self' *.ctfassets.net blob:`,
   `font-src 'self'`,
   `object-src 'none'`,
   `base-uri 'self'`,
   `form-action 'self'`,
-  `frame-src youtube.com www.youtube.com`,
+  `frame-src 'self' *.youtube.com *.youtube-nocookie.com`,
   `frame-ancestors 'none'`,
   `upgrade-insecure-requests'`,
 ].join('; ');
@@ -37,7 +37,7 @@ const nextConfig: NextConfig = {
       source: '/(.*)',
       headers: [{
         key: 'Content-Security-Policy',
-        value: cspHeader,
+        value: CSPHeader,
       }, {
         key: 'X-Content-Type-Options',
         value: 'nosniff',
@@ -54,7 +54,7 @@ const nextConfig: NextConfig = {
         value: 'SAMEORIGIN https://app.contentful.com',
       }, {
         key: 'Content-Security-Policy',
-        value: [cspHeader, `frame-ancestors 'self' https://app.contentful.com`].join('; '),
+        value: [CSPHeader, `frame-ancestors 'self' https://app.contentful.com`].join('; '),
       }],
     }];
   },
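Review bot: The rewritten `img-src` line still carries the stray quote after `data:` (`data:'`), which is not a valid CSP source expression, so browsers discard it and data: images stay blocked despite the directive's intent; the context line `upgrade-insecure-requests'` has the same stray quote, turning it into an unrecognized directive name that is silently ignored. The two lines should read `` `img-src 'self' *.ctfassets.net blob: data:`, `` and `` `upgrade-insecure-requests`, ``. Separately, the new `script-src` keeps `'unsafe-inline'` and `'unsafe-eval'` while adding the wildcard `*.googletagmanager.com`, which leaves the directive with little XSS mitigation value; Next.js can issue per-request nonces from middleware, so a `'nonce-…'` plus `'strict-dynamic'` form that drops `'unsafe-inline'` would make the tag-manager allowance meaningful. Since no `connect-src` is declared, it falls back to `default-src 'self'`, so any analytics beacons to a third-party origin would presumably be blocked — worth verifying in the browser console after deploy.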