From 33c3e8461a33b5935e8f59db85b139b3004efa81 Mon Sep 17 00:00:00 2001
From: Brian Clifton
Date: Mon, 19 Mar 2018 11:46:44 -0700
Subject: [PATCH] Merge pull request #13501 from brave/fix/13499 Allow 'self' CSP connect-src by default
---
 app/extensions.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/extensions.js b/app/extensions.js
index bf4d1c3a224..60161eee53a 100644
--- a/app/extensions.js
+++ b/app/extensions.js
@@ -198,7 +198,7 @@ let generateBraveManifest = () => {
 'style-src': '\'self\' \'unsafe-inline\'',
 'font-src': '\'self\' data:',
 'img-src': '* data: file://*',
- 'connect-src': 'https://www.youtube.com',
+ 'connect-src': '\'self\' https://www.youtube.com',
 'frame-src': '\'self\' https://brave.com'
 }
@@ -206,8 +206,8 @@ let generateBraveManifest = () => {
 // allow access to webpack dev server resources
 let devServer = 'localhost:' + process.env.npm_package_config_port
 cspDirectives['default-src'] = '\'self\' http://' + devServer
- cspDirectives['connect-src'] = cspDirectives['connect-src'] + [
- ' \'self\'',
+ cspDirectives['connect-src'] = [
+ cspDirectives['connect-src'],
 'http://' + devServer,
 'ws://' + devServer
 ].join(' ')
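Review bot: The widened `connect-src` entry in the first hunk carries no comment saying why `'self'` and `https://www.youtube.com` are allowed, and the patch changes only `app/extensions.js`, so nothing in this commit pins the emitted policy against later widening. I would add a comment above the entry such as `// 'self' is allowed in every build, not only development (fix/13499); keep remote origins here to the minimum required`. A unit test asserting the generated `connect-src` value for a non-development build would also help. `generateBraveManifest` starts and ends outside the hunk, so how `cspDirectives` is serialised into the manifest is not visible here.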
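Review bot: In the second hunk the rewritten array joins `devServer` straight into `connect-src`, and `devServer` comes from `process.env.npm_package_config_port` with no validation (the context line does the same for `default-src`). An unset variable yields `localhost:undefined`, which is not a valid source expression. Depending on how the directives are serialised, a value containing whitespace could add further source expressions to the policy. Consider checking the port first, e.g. `let port = parseInt(process.env.npm_package_config_port, 10)` followed by `if (!Number.isInteger(port)) throw new Error('invalid dev server port')`. The enclosing branch opens outside the hunk, so the condition that presumably keeps these `http://` and `ws://` sources out of production builds should be confirmed.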