From 06aceb447cd942105af8483afa7c84045e8a0610 Mon Sep 17 00:00:00 2001
From: Cristen Jones <cjones3@mbta.com>
Date: Tue, 18 Feb 2025 11:16:51 -0500
Subject: [PATCH] feat(Plugs.SecureHeaders): add Vimeo to frame-src CSP
 directive

---
 lib/dotcom_web/plugs/secure_headers.ex | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/dotcom_web/plugs/secure_headers.ex b/lib/dotcom_web/plugs/secure_headers.ex
index 268718f0f4..4574059111 100644
--- a/lib/dotcom_web/plugs/secure_headers.ex
+++ b/lib/dotcom_web/plugs/secure_headers.ex
@@ -34,6 +34,7 @@ defmodule DotcomWeb.Plugs.SecureHeaders do
       www.googletagmanager.com
       www.instagram.com
       *.soundcloud.com
+      *.vimeo.com
     ],
     img: ~w[
       img-src