(superset) branch more-csp-mess created (now 761582a447)

[ru...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

rusackas pushed a change to branch more-csp-mess
in repository https://gitbox.apache.org/repos/asf/superset.git


      at 761582a447 allowing unsafe inline scripts

This branch includes the following new commits:

     new 761582a447 allowing unsafe inline scripts

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

(superset) 01/01: allowing unsafe inline scripts

[ru...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

rusackas pushed a commit to branch more-csp-mess
in repository https://gitbox.apache.org/repos/asf/superset.git

commit 761582a447ee8f145177657f7650fbab37242910
Author: Evan Rusackas <ev...@rusackas.com>
AuthorDate: Tue Feb 27 13:29:06 2024 -0700

    allowing unsafe inline scripts
---
 docs/static/.htaccess | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/static/.htaccess b/docs/static/.htaccess
index 0e3d2d8f7e..0f60b85ba2 100644
--- a/docs/static/.htaccess
+++ b/docs/static/.htaccess
@@ -28,7 +28,7 @@ Header set Content-Security-Policy "default-src 'self'; \
 script-src 'self'; \
 img-src 'self' https://static.scarf.sh *; \
 style-src 'self' https://fonts.googleapis.com; \
-script-src-elem 'self' https://www.googletagmanager.com https://www.google-analytics.com; \
+script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com; \
 style-src-elem 'self' https://fonts.googleapis.com; \
 font-src 'self' https://fonts.gstatic.com; \
 frame-src 'self' https://calendar.google.com https://preset.io https://sidebar.bugherd.com https://unpkg.com; \