You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by ru...@apache.org on 2024/02/27 22:33:05 UTC
(superset) branch more-csp-mess-4 updated: fix(docs): more CSP adjustments...
This is an automated email from the ASF dual-hosted git repository.
rusackas pushed a commit to branch more-csp-mess-4
in repository https://gitbox.apache.org/repos/asf/superset.git
The following commit(s) were added to refs/heads/more-csp-mess-4 by this push:
new 15affbebfd fix(docs): more CSP adjustments...
15affbebfd is described below
commit 15affbebfd3d7c4da5ade7c7c31951bb30a17b12
Author: Evan Rusackas <ev...@rusackas.com>
AuthorDate: Tue Feb 27 15:32:53 2024 -0700
fix(docs): more CSP adjustments...
---
docs/static/.htaccess | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/static/.htaccess b/docs/static/.htaccess
index aa0c75e328..5453e5eb80 100644
--- a/docs/static/.htaccess
+++ b/docs/static/.htaccess
@@ -22,7 +22,7 @@ RewriteRule ^(.*)$ https://superset.apache.org/$1 [R,L]
RewriteCond %{HTTP_HOST} ^superset.incubator.apache.org$ [NC]
RewriteRule ^(.*)$ https://superset.apache.org/$1 [R=301,L]
-Header set Content-Security-Policy "default-src 'self'; img-src *;"
+# Header set Content-Security-Policy "default-src 'self'; img-src *;"
Header set Content-Security-Policy "default-src 'self'; \
script-src 'self'; \
@@ -30,6 +30,7 @@ img-src 'self' https://static.scarf.sh *; \
style-src 'self' https://fonts.googleapis.com; \
script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com; \
style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://analytics.apache.org https://www.bugherd.com; \
+frame-ancestors 'self' https://preset.io; \
font-src 'self' https://fonts.gstatic.com; \
frame-src 'self' https://calendar.google.com https://preset.io https://sidebar.bugherd.com https://unpkg.com; \
"