Merge pull request #426 from MTES-MCT/feat/add_vimeo_csp

feat(CSP): add vimeo to the CSP list

servers.conf.erb

@@ -24,7 +24,7 @@ server {
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
     add_header X-Frame-Options "deny";
     add_header X-Content-Type-Options "nosniff";
-    add_header Content-Security-Policy "object-src 'self'; connect-src 'self' https://client.crisp.chat https://api-adresse.data.gouv.fr https://sentry.incubateur.net wss://client.relay.crisp.chat https://stats.data.gouv.fr; base-uri 'self'; default-src 'self'; script-src 'self' https://client.crisp.chat https://stats.data.gouv.fr 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: https://client.crisp.chat https://stats.data.gouv.fr https://res.cloudinary.com https://images.unsplash.com; style-src 'self' 'unsafe-inline' https://client.crisp.chat https://cdn.jsdelivr.net; font-src 'self' https://client.crisp.chat https://cdn.jsdelivr.net; frame-src https://metabase.mobilic.beta.gouv.fr https://www.slideshare.net https://cgu.mobilic.beta.gouv.fr https://form.typeform.com;";
+    add_header Content-Security-Policy "object-src 'self'; connect-src 'self' https://client.crisp.chat https://api-adresse.data.gouv.fr https://sentry.incubateur.net wss://client.relay.crisp.chat https://stats.data.gouv.fr; base-uri 'self'; default-src 'self'; script-src 'self' https://client.crisp.chat https://stats.data.gouv.fr 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: https://client.crisp.chat https://stats.data.gouv.fr https://res.cloudinary.com https://images.unsplash.com; style-src 'self' 'unsafe-inline' https://client.crisp.chat https://cdn.jsdelivr.net; font-src 'self' https://client.crisp.chat https://cdn.jsdelivr.net; frame-src https://metabase.mobilic.beta.gouv.fr https://www.slideshare.net https://cgu.mobilic.beta.gouv.fr https://form.typeform.com; https://player.vimeo.com;";
     add_header X-XSS-Protection "1; mode=block";
     add_header Cache-Control $cache_control;