From 7fe1cf6b17899d808d194a008baa8b2ec133aa4f Mon Sep 17 00:00:00 2001
From: =?utf8?q?Andreas=20Pinto-K=C3=B6hler?=
 <andreas.pinto-koehler@publicispixelpark.de>
Date: Tue, 3 Jan 2017 10:30:59 +0100
Subject: [PATCH] Update dev-web-ngcc-daimler.pixelpark.net.yaml for images in
 social media stream.

---
 customer/mbvd-ngcc/dev-web-ngcc-daimler.pixelpark.net.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/customer/mbvd-ngcc/dev-web-ngcc-daimler.pixelpark.net.yaml b/customer/mbvd-ngcc/dev-web-ngcc-daimler.pixelpark.net.yaml
index 84e1e818..48019131 100644
--- a/customer/mbvd-ngcc/dev-web-ngcc-daimler.pixelpark.net.yaml
+++ b/customer/mbvd-ngcc/dev-web-ngcc-daimler.pixelpark.net.yaml
@@ -41,8 +41,8 @@ site::profile::apache::pp_vhosts:
       - 'set X-Content-Type-Options: nosniff'
       - 'set X-XSS-Protection: "1; mode=block"'
       - 'set X-Frame-Options: "ALLOW-FROM https://dev-cms01-ngcc-daimler.pixelpark.net"'
-      - "set Content-Security-Policy: \"default-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.youtube.com https://s.ytimg.com https://connect.facebook.net; frame-ancestors 'self'; media-src 'self' data:; img-src 'self' https://*.facebook.com; child-src https://*.youtube.com https://*.facebook.com\""
-      - "set X-Content-Security-Policy: \"default-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.youtube.com https://s.ytimg.com https://connect.facebook.net; frame-ancestors 'self'; media-src 'self' data:; img-src 'self' https://*.facebook.com; child-src https://*.youtube.com https://*.facebook.com\""
+      - "set Content-Security-Policy: \"default-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.youtube.com https://s.ytimg.com https://connect.facebook.net; frame-ancestors 'self'; media-src 'self' data:; img-src 'self' https://*.facebook.com https://*.cdninstagram.com https://*.ytimg.com https://*.twimg.com; child-src https://*.youtube.com https://*.facebook.com"\""
+      - "set X-Content-Security-Policy: \"default-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.youtube.com https://s.ytimg.com https://connect.facebook.net; frame-ancestors 'self'; media-src 'self' data:; img-src 'self' https://*.facebook.com https://*.cdninstagram.com https://*.ytimg.com https://*.twimg.com; child-src https://*.youtube.com https://*.facebook.com"\""
     headers_ssl:
       - 'always set Strict-Transport-Security "max-age=31556926"'
     custom_fragment: |
-- 
2.39.5