Posted to commits@superset.apache.org by ru...@apache.org on 2024/02/27 20:05:45 UTC

(superset) branch more-csp-mess created (now fdc7792866)

This is an automated email from the ASF dual-hosted git repository.

rusackas pushed a change to branch more-csp-mess
in repository https://gitbox.apache.org/repos/asf/superset.git


      at fdc7792866 fix(docs): remving meta tag CSP, poking more holes in htaccess

This branch includes the following new commits:

     new fdc7792866 fix(docs): remving meta tag CSP, poking more holes in htaccess

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



(superset) 01/01: fix(docs): remving meta tag CSP, poking more holes in htaccess

Posted by ru...@apache.org.

rusackas pushed a commit to branch more-csp-mess
in repository https://gitbox.apache.org/repos/asf/superset.git

commit fdc7792866e970ddd88416d998b92e95b1991ad7
Author: Evan Rusackas <ev...@rusackas.com>
AuthorDate: Tue Feb 27 13:05:25 2024 -0700

    fix(docs): remving meta tag CSP, poking more holes in htaccess
---
 docs/docusaurus.config.js |  1 -
 docs/static/.htaccess     | 12 +++++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js
index 5bd6feadaa..d7dc1c931c 100644
--- a/docs/docusaurus.config.js
+++ b/docs/docusaurus.config.js
@@ -261,7 +261,6 @@ const config = {
         theme: lightCodeTheme,
         darkTheme: darkCodeTheme,
       },
-      metadata: [{name: 'Content-Security-Policy', content: "default-src 'self'; frame-src 'https://calendar.google.com/' 'https://preset.io/' 'https://sidebar.bugherd.com/';"}],
     }),
   scripts: [
     '/script/matomo.js',
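Review bot: Dropping the `metadata` entry here leaves the `Header set Content-Security-Policy` line in docs/static/.htaccess as the site's only CSP, so a build served by anything other than Apache with mod_headers ships with no policy at all; the commit message should say that this is intended. The removed value also wrapped its frame-src hosts in single quotes ('https://calendar.google.com/' and the others), which CSP does not accept for host sources, so it is worth recording that the meta policy was being dropped for that reason rather than only to loosen things.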
diff --git a/docs/static/.htaccess b/docs/static/.htaccess
index 3f16f4519d..2fb74995a1 100644
--- a/docs/static/.htaccess
+++ b/docs/static/.htaccess
@@ -22,4 +22,14 @@ RewriteRule ^(.*)$ https://superset.apache.org/$1 [R,L]
 RewriteCond %{HTTP_HOST} ^superset.incubator.apache.org$ [NC]
 RewriteRule ^(.*)$ https://superset.apache.org/$1 [R=301,L]
 
-Header set Content-Security-Policy "default-src 'self'; frame-src 'https://calendar.google.com/' 'https://preset.io/' 'https://sidebar.bugherd.com/' 'https://unpkg.com/';"
+Header set Content-Security-Policy "default-src 'self'; img-src *;"
+
+Header set Content-Security-Policy "default-src 'self'; \
+script-src 'self'; \
+img-src 'self' https://static.scarf.sh *; \
+style-src 'self' https://fonts.googleapis.com; \
+script-src-elem 'self' https://www.googletagmanager.com https://www.google-analytics.com; \
+style-src-elem 'self' https://fonts.googleapis.com; \
+font-src 'self' https://fonts.gstatic.com; \
+frame-src 'self' https://calendar.google.com https://preset.io https://sidebar.bugherd.com 'https://unpkg.com; \
+"
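Review bot: The last frame-src entry in the new multi-line header has a stray opening quote, `'https://unpkg.com;`, so that token is not a valid host source and the directive will not allow unpkg.com frames as written; drop the quote so it matches the other three hosts. Two further points in the same hunk: the added one-line `Header set Content-Security-Policy "default-src 'self'; img-src *;"` is immediately replaced by the second `Header set` on the same header name, so it has no effect and should be deleted, and in `img-src 'self' https://static.scarf.sh *` the `*` already covers the two entries before it, so either remove the wildcard to keep images restricted or remove the redundant entries to make the intent clear.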