Posted to commits@superset.apache.org by ru...@apache.org on 2024/02/27 20:22:41 UTC
(superset) branch master updated: fix(docs): removing meta tag CSP, poking more holes in htaccess (#27274)
This is an automated email from the ASF dual-hosted git repository.
rusackas pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git
The following commit(s) were added to refs/heads/master by this push:
new 058d6ff5c0 fix(docs): removing meta tag CSP, poking more holes in htaccess (#27274)
058d6ff5c0 is described below
commit 058d6ff5c000c0f8d2b497facfd62418c0ee31b3
Author: Evan Rusackas <ev...@preset.io>
AuthorDate: Tue Feb 27 13:22:34 2024 -0700
fix(docs): removing meta tag CSP, poking more holes in htaccess (#27274)
---
docs/docusaurus.config.js | 1 -
docs/static/.htaccess | 12 +++++++++++-
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js
index 5bd6feadaa..d7dc1c931c 100644
--- a/docs/docusaurus.config.js
+++ b/docs/docusaurus.config.js
@@ -261,7 +261,6 @@ const config = {
theme: lightCodeTheme,
darkTheme: darkCodeTheme,
},
- metadata: [{name: 'Content-Security-Policy', content: "default-src 'self'; frame-src 'https://calendar.google.com/' 'https://preset.io/' 'https://sidebar.bugherd.com/';"}],
}),
scripts: [
'/script/matomo.js',
diff --git a/docs/static/.htaccess b/docs/static/.htaccess
index 3f16f4519d..0e3d2d8f7e 100644
--- a/docs/static/.htaccess
+++ b/docs/static/.htaccess
@@ -22,4 +22,14 @@ RewriteRule ^(.*)$ https://superset.apache.org/$1 [R,L]
RewriteCond %{HTTP_HOST} ^superset.incubator.apache.org$ [NC]
RewriteRule ^(.*)$ https://superset.apache.org/$1 [R=301,L]
-Header set Content-Security-Policy "default-src 'self'; frame-src 'https://calendar.google.com/' 'https://preset.io/' 'https://sidebar.bugherd.com/' 'https://unpkg.com/';"
+Header set Content-Security-Policy "default-src 'self'; img-src *;"
+
+Header set Content-Security-Policy "default-src 'self'; \
+script-src 'self'; \
+img-src 'self' https://static.scarf.sh *; \
+style-src 'self' https://fonts.googleapis.com; \
+script-src-elem 'self' https://www.googletagmanager.com https://www.google-analytics.com; \
+style-src-elem 'self' https://fonts.googleapis.com; \
+font-src 'self' https://fonts.gstatic.com; \
+frame-src 'self' https://calendar.google.com https://preset.io https://sidebar.bugherd.com https://unpkg.com; \
+"