You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@superset.apache.org by ru...@apache.org on 2024/02/27 23:58:12 UTC

(superset) branch more-csp-madness created (now 654451527e)

This is an automated email from the ASF dual-hosted git repository.

rusackas pushed a change to branch more-csp-madness
in repository https://gitbox.apache.org/repos/asf/superset.git


      at 654451527e fix(docs): making CSP one line, adding double quote

This branch includes the following new commits:

     new 654451527e fix(docs): making CSP one line, adding double quote

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

(superset) 01/01: fix(docs): making CSP one line, adding double quote

Posted by ru...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

rusackas pushed a commit to branch more-csp-madness
in repository https://gitbox.apache.org/repos/asf/superset.git

commit 654451527eb7ff2c2e05b66f1ff1f10af94b1318
Author: Evan Rusackas <ev...@rusackas.com>
AuthorDate: Tue Feb 27 16:57:57 2024 -0700

    fix(docs): making CSP one line, adding double quote
---
 docs/static/.htaccess | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/docs/static/.htaccess b/docs/static/.htaccess
index 3e8582dee6..bc88d42ee3 100644
--- a/docs/static/.htaccess
+++ b/docs/static/.htaccess
@@ -22,10 +22,4 @@ RewriteRule ^(.*)$ https://superset.apache.org/$1 [R,L]
 RewriteCond %{HTTP_HOST} ^superset.incubator.apache.org$ [NC]
 RewriteRule ^(.*)$ https://superset.apache.org/$1 [R=301,L]
 
-Header set Content-Security-Policy "default-src data: blob: 'self' *.apache.org *.bugherd.com *.scarf.sh *.googleapis.com *.googletagmanager.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval'; \
-frame-src *; \
-frame-ancestors 'self' *.preset.io *.google.com https://sidebar.bugherd.com https://unpkg.com; \
-form-action 'self'; \
-worker-src blob:; img-src 'self' blob: data: https:; \
-font-src 'self' https://fonts.gstatic.com; \
-object-src 'none'
+Header set Content-Security-Policy "default-src data: blob: 'self' *.apache.org *.bugherd.com *.scarf.sh *.googleapis.com *.googletagmanager.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors 'self' *.preset.io *.google.com https://sidebar.bugherd.com https://unpkg.com; form-action 'self'; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self' https://fonts.gstatic.com; object-src 'none'"