From 752a8878145082a95c2a27673bc9ce87d3fdffbc Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 29 Nov 2025 00:41:55 +0000
Subject: [PATCH 1/2] Initial plan


From 9cea4b5d4969bf372964798afcd2b612f0266981 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 29 Nov 2025 00:48:45 +0000
Subject: [PATCH 2/2] Fix YouTube embed error 153 by setting
 SECURE_REFERRER_POLICY

Co-authored-by: simonw <9599+simonw@users.noreply.github.com>
---
 config/settings.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/settings.py b/config/settings.py
index 5235b26..1e26278 100644
--- a/config/settings.py
+++ b/config/settings.py
@@ -36,6 +36,9 @@
 # https://github.com/simonw/simonwillisonblog/issues/498
 SECURE_CROSS_ORIGIN_OPENER_POLICY = False
 
+# https://github.com/simonw/simonwillisonblog/issues/558
+SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin"
+
 # SESSION_COOKIE_DOMAIN
 if os.environ.get("SESSION_COOKIE_DOMAIN"):
     SESSION_COOKIE_DOMAIN = os.environ["SESSION_COOKIE_DOMAIN"]