The Content-Security-Policy header must not be overridden

[sebbASF]

mynewt-site/.htaccess

Line 3 in 6b7e685

Header set Content-Security-Policy "frame-src https://www.youtube-nocookie.com https://www.youtube.com"

The Content-Security-Policy header must not be overridden.

There is now a standard way to add local exceptions to the CSP:

https://infra.apache.org/tools/csp.html

Please update the .htaccess file accordingly.

Please note that the policy says that any exceptions must have been approved, and a reference to the approval must be commented in the .htaccess file