You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@superset.apache.org by as...@apache.org on 2024/02/27 23:30:01 UTC

(superset-site) branch asf-site updated: deploying docs: fix(docs): more csp tweaks (#27279) (apache/superset@7a86d5e38e6498d55bba01991824aa35594df338)

This is an automated email from the ASF dual-hosted git repository.

asf-ci-deploy pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/superset-site.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new 7f409bc3d deploying docs: fix(docs): more csp tweaks (#27279) (apache/superset@7a86d5e38e6498d55bba01991824aa35594df338)
7f409bc3d is described below

commit 7f409bc3d6398630af273665aff067f84fcc922c
Author: apache <de...@superset.apache.org>
AuthorDate: Tue Feb 27 23:29:56 2024 +0000

    deploying docs: fix(docs): more csp tweaks (#27279) (apache/superset@7a86d5e38e6498d55bba01991824aa35594df338)
---
 .htaccess | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/.htaccess b/.htaccess
index 5453e5eb8..3e8582dee 100644
--- a/.htaccess
+++ b/.htaccess
@@ -22,15 +22,10 @@ RewriteRule ^(.*)$ https://superset.apache.org/$1 [R,L]
 RewriteCond %{HTTP_HOST} ^superset.incubator.apache.org$ [NC]
 RewriteRule ^(.*)$ https://superset.apache.org/$1 [R=301,L]
 
-# Header set Content-Security-Policy "default-src 'self'; img-src *;"
-
-Header set Content-Security-Policy "default-src 'self'; \
-script-src 'self'; \
-img-src 'self' https://static.scarf.sh *; \
-style-src 'self' https://fonts.googleapis.com; \
-script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com; \
-style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://analytics.apache.org https://www.bugherd.com; \
-frame-ancestors 'self' https://preset.io; \
+Header set Content-Security-Policy "default-src data: blob: 'self' *.apache.org *.bugherd.com *.scarf.sh *.googleapis.com *.googletagmanager.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval'; \
+frame-src *; \
+frame-ancestors 'self' *.preset.io *.google.com https://sidebar.bugherd.com https://unpkg.com; \
+form-action 'self'; \
+worker-src blob:; img-src 'self' blob: data: https:; \
 font-src 'self' https://fonts.gstatic.com; \
-frame-src 'self' https://calendar.google.com https://preset.io https://sidebar.bugherd.com https://unpkg.com; \
-"
+object-src 'none'