Fix Plaid reconnect permissions policy violation

[Winxton]

Plaid Link's iframe requires the encrypted-media browser permission for certain bank authentication flows. Vercel sets a restrictive default Permissions-Policy header that blocks this, causing reconnect and link flows to fail with a permissions violation error. This change adds a permissive header that grants encrypted-media permission to the app and Plaid's CDN origin (https://cdn.plaid.com).

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
openfinance-client	Ready	Preview, Comment	Mar 17, 2026 1:03pm