Merge pull request #328 from alphagov/update-csp

Allow YouTube thumbnails from https://i.ytimg.com
alphagov · Nov 17, 2023 · 8598b90 · 8598b90
2 parents d83f880 + 389993c
commit 8598b90
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# 9.6.0
+
+* Allow YouTube thumbnails from https://i.ytimg.com in the global Content Security Policy ([#328](https://github.com/alphagov/govuk_app_config/pull/328))
+
 # 9.5.0
 
 * Allow gov.uk domains to embed pages in the global Content Security Policy ([#325](https://github.com/alphagov/govuk_app_config/pull/325))

diff --git a/lib/govuk_app_config/govuk_content_security_policy.rb b/lib/govuk_app_config/govuk_content_security_policy.rb
@@ -41,7 +41,8 @@ def self.build_policy(policy)
                    # Some content still links to an old domain we used to use
                    "assets.digital.cabinet-office.gov.uk",
                    # Allow YouTube thumbnails
-                   "https://img.youtube.com"
+                   "https://img.youtube.com",
+                   "https://i.ytimg.com"
 
     # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src
     # Note: we purposely don't include `data:`, `unsafe-inline` or `unsafe-eval` because

diff --git a/lib/govuk_app_config/version.rb b/lib/govuk_app_config/version.rb
@@ -1,3 +1,3 @@
 module GovukAppConfig
-  VERSION = "9.5.0".freeze
+  VERSION = "9.6.0".freeze
 end