From 912096e167faa31d348d34ff8bdcd0c1ad594080 Mon Sep 17 00:00:00 2001
From: Wonderfall <wonderfall@protonmail.com>
Date: Fri, 22 Jul 2022 05:01:31 +0200
Subject: [PATCH] improve youtube shortcode (#21)

---
 assets/css/extended/youtube.css | 15 +++++++++++++++
 layouts/shortcodes/youtube.html |  4 ++++
 netlify.toml                    |  3 +--
 3 files changed, 20 insertions(+), 2 deletions(-)
 create mode 100644 assets/css/extended/youtube.css
 create mode 100644 layouts/shortcodes/youtube.html

diff --git a/assets/css/extended/youtube.css b/assets/css/extended/youtube.css
new file mode 100644
index 0000000..b37a139
--- /dev/null
+++ b/assets/css/extended/youtube.css
@@ -0,0 +1,15 @@
+.youtube-embed-div {
+    position: relative;
+    padding-bottom: 56.25%;
+    height: 0;
+    overflow: hidden;
+}
+
+.youtube-embed-frame {
+    position: absolute;
+    top: 0;
+    left: 0;
+    width: 100%;
+    height: 100%;
+    border: 0;
+}
\ No newline at end of file
diff --git a/layouts/shortcodes/youtube.html b/layouts/shortcodes/youtube.html
new file mode 100644
index 0000000..4e0cddf
--- /dev/null
+++ b/layouts/shortcodes/youtube.html
@@ -0,0 +1,4 @@
+{{- $id := .Get "id" | default (.Get 0) -}}
+<div class="youtube-embed-div">
+    <iframe src="https://www.youtube-nocookie.com/embed/{{ $id }}" class="youtube-embed-frame" allowfullscreen title="YouTube Video"></iframe>
+</div> 
\ No newline at end of file
diff --git a/netlify.toml b/netlify.toml
index ed01bc6..be4f4cf 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -2,11 +2,10 @@
   for = "/*"
   [headers.values]
     Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
-    Content-Security-Policy = "default-src 'none'; connect-src 'self'; img-src 'self'; script-src-elem 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self'; frame-src www.youtube-nocookie.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'"
+    Content-Security-Policy = "default-src 'none'; connect-src 'self'; img-src 'self'; script-src-elem 'self'; style-src-elem 'self'; frame-src www.youtube-nocookie.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'"
     X-Content-Type-Options = "nosniff"
     Referrer-Policy = "no-referrer"
     Cross-Origin-Opener-Policy = "same-origin"
-    Cross-Origin-Embedder-Policy = "require-corp"
     X-Frame-Options = "DENY"
     X-XSS-Protection = "0"
     Permissions-Policy = "accelerometer=(), autoplay=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=()"