From 2fe40c752b4272484972f141e406fbcb7fa0cdb8 Mon Sep 17 00:00:00 2001
From: tdro
Date: Sat, 3 Dec 2022 01:02:40 -0500
Subject: themes/default/layouts/shortcodes/video.html: Default to self always To avoid hotlinking by mistake. Support media start and end fragments (https://www.w3.org/TR/media-frags/) separately. Add remote parameter for offloading to source
---
 config.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'config.yaml')
diff --git a/config.yaml b/config.yaml
index bb55ea4..5dbe841 100644
--- a/config.yaml
+++ b/config.yaml
@@ -96,15 +96,15 @@ params:
 default-src: ["'self'"]
 font-src: ["'self'"]
 form-action: ["'self'", lite.duckduckgo.com]
- frame-src: ["'self'", imgur.com, www.youtube-nocookie.com, platform.twitter.com,
- en.m.wikipedia.org, odysee.com, www.gutenberg.org]
+ frame-src: ["'self'", www.youtube-nocookie.com, platform.twitter.com, en.m.wikipedia.org,
+ odysee.com, www.gutenberg.org]
 img-src: ["'self'", http://preview.test, www.gutenberg.org]
 manifest-src: ["'self'"]
- media-src: ["'self'", raw.githubusercontent.com, i.imgur.com]
+ media-src: ["'self'"]
 object-src: ["'self'", www.gutenberg.org]
 prefetch-src: ["'self'"]
- script-src-elem: ["'self'", s.imgur.com, platform.twitter.com]
- script-src: ["'self'", s.imgur.com, platform.twitter.com]
+ script-src-elem: ["'self'", platform.twitter.com]
+ script-src: ["'self'", platform.twitter.com]
 style-src: ["'self'", "'unsafe-inline'", http://preview.test]
 worker-src: ["'self'"]
 search:
-- 
cgit v1.2.3
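Review bot: The new `script-src` and `script-src-elem` lines still allow-list the whole `platform.twitter.com` host, which after this commit is the only third-party script origin left; a host entry trusts every script that origin serves, so it should either go or carry a stated reason. If the embed that needs it is still in use, a comment above the two lines such as `# platform.twitter.com: needed only for embedded tweets; remove together with that embed` would record that (the embed itself is not visible in this patch, so its use is inferred). Separately, the unchanged `img-src` and `style-src` lines keep `http://preview.test`, a cleartext origin that looks like a local preview host; alongside `'unsafe-inline'` in `style-src` it loosens the style policy and would fit better in a development-only override. The `params:` block starts and ends outside the hunk.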