From be49444491268c84c50eab4b407a41109602e42d Mon Sep 17 00:00:00 2001
From: Winston Wu <winxton@gmail.com>
Date: Tue, 17 Mar 2026 09:02:50 -0400
Subject: [PATCH] Allow encrypted-media permission for Plaid Link iframe on
 Vercel

Plaid Link's iframe requires the encrypted-media browser permission for certain bank authentication flows. Vercel's default Permissions-Policy header blocks this, causing reconnect flows to fail. This adds a permissive header that grants encrypted-media to the app and Plaid's CDN origin.
---
 client/vercel.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/client/vercel.json b/client/vercel.json
index 50b0231..1b96618 100644
--- a/client/vercel.json
+++ b/client/vercel.json
@@ -2,5 +2,16 @@
   "outputDirectory": "build",
   "rewrites": [
     { "source": "/(.*)", "destination": "/index.html" }
+  ],
+  "headers": [
+    {
+      "source": "/(.*)",
+      "headers": [
+        {
+          "key": "Permissions-Policy",
+          "value": "encrypted-media=(self \"https://cdn.plaid.com\")"
+        }
+      ]
+    }
   ]
 }