From f1b5bffdd8a8f1861f8e7f689dff8c376a17fc34 Mon Sep 17 00:00:00 2001
From: Quincy Larson <michaelqlarson@gmail.com>
Date: Tue, 19 Apr 2016 00:23:27 -0700
Subject: [PATCH] Update CSP to remove vimeo and add youtube

---
 server/middlewares/csp.js | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/server/middlewares/csp.js b/server/middlewares/csp.js
index b64036275b..f50ecd8431 100644
--- a/server/middlewares/csp.js
+++ b/server/middlewares/csp.js
@@ -26,10 +26,6 @@ export default function csp() {
         '*.jsdelivr.com',
         '*.twimg.com',
         'https://*.twimg.com',
-        'vimeo.com'
-      ].concat(trusted),
-      connectSrc: [
-        'vimeo.com'
       ].concat(trusted),
       styleSrc: [
         "'unsafe-inline'",
@@ -62,7 +58,7 @@ export default function csp() {
       frameSrc: [
         '*.gitter.im',
         '*.gitter.im https:',
-        '*.vimeo.com',
+        '*.youtube.com',
         '*.twitter.com',
         '*.ghbtns.com',
         '*.freecatphotoapp.com',