From 5bef2f459ebe883840bee63d490e749644f93c12 Mon Sep 17 00:00:00 2001
From: Cristen Jones <cjones3@mbta.com>
Date: Tue, 18 Feb 2025 13:01:18 -0500
Subject: [PATCH] fixup(Plugs.SecureHeaders): add Vimeo to frame-src CSP
 directive

---
 lib/dotcom_web/plugs/secure_headers.ex | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/dotcom_web/plugs/secure_headers.ex b/lib/dotcom_web/plugs/secure_headers.ex
index 4574059111..ca4f47944c 100644
--- a/lib/dotcom_web/plugs/secure_headers.ex
+++ b/lib/dotcom_web/plugs/secure_headers.ex
@@ -35,6 +35,7 @@ defmodule DotcomWeb.Plugs.SecureHeaders do
       www.instagram.com
       *.soundcloud.com
       *.vimeo.com
+      vimeo.com
     ],
     img: ~w[
       img-src