(arrow-site) branch main updated: Try fix Content Security Policy errors (take 8) (#602)

Thu, 20 Feb 2025 10:43:39 -0800 

This is an automated email from the ASF dual-hosted git repository.

ianmcook pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-site.git


The following commit(s) were added to refs/heads/main by this push:
     new dd4bb56957b Try fix Content Security Policy errors (take 8) (#602)
dd4bb56957b is described below

commit dd4bb56957b41004cf640858768b4d16e2c03531
Author: Ian Cook <[email protected]>
AuthorDate: Thu Feb 20 11:34:01 2025 -0700

    Try fix Content Security Policy errors (take 8) (#602)
    
    This vendors the Lato font files so we don't need to load them from
    Google Fonts.
---
 .htaccess                                 |  11 +++++++++++
 NOTICE.txt                                |   3 +++
 _includes/top.html                        |  12 ------------
 assets/fonts/lato-v24-latin-italic.woff2  | Bin 0 -> 24408 bytes
 assets/fonts/lato-v24-latin-regular.woff2 | Bin 0 -> 23580 bytes
 css/main.scss                             |  16 ++++++++++++++++
 6 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/.htaccess b/.htaccess
index 327ebb6c3c7..381bb1ced01 100644
--- a/.htaccess
+++ b/.htaccess
@@ -24,3 +24,14 @@ Redirect permanent /datafusion-python 
https://datafusion.apache.org/python
 
 # redirect all ballista URLs to new website
 Redirect permanent /ballista https://datafusion.apache.org/ballista
+
+# fix Safari Content Security Policy errors
+Header add Content-Security-Policy-Report-Only "default-src 'self' data: blob: 
https://*.apache.org/ https://www.apachecon.com/ 
https://www.communityovercode.org/; \
+  script-src 'self' https://*.apache.org/ 
'sha256-zcLnLb0EtdHEeff3LAr93euk343CTrN0BMhlaeAD8yY=' 
'sha256-eeHr1PLkM55qPqkpxjBDHGtxfQf3RvEYoENHzN4IL0Q='; \
+  style-src 'self' 'sha256-88sV2hhBstoYcag54b2hPpN+Oei7wd2Roz3k+RXEAfk=' 
'sha256-B3D8HD6PV1HtGZ5Z3qkXsN6p/LAiwBn9jehRuPkMBhQ=' 
'sha256-qo7STIM1L/OgU9y0De47mqod1UZFLJfTn36bRC42rfA='; \
+  frame-ancestors 'self'; \
+  frame-src 'self' data: blob:; \
+  img-src 'self' data: https://*.apache.org/; \
+  worker-src 'self' data: blob:; \
+  connect-src 'self' https://*.apache.org/ https://api.github.com/; \
+  font-src 'self' https://*.apache.org/;";
diff --git a/NOTICE.txt b/NOTICE.txt
index f9a6829016d..9b85c2f870c 100644
--- a/NOTICE.txt
+++ b/NOTICE.txt
@@ -11,3 +11,6 @@ This product includes software from 
https://github.com/buttons/github-buttons (B
 The deployed version of the website includes files generated by Jekyll (MIT)
  * Copyright (c) 2008-2022 Tom Preston-Werner and Jekyll contributors
  * https://github.com/jekyll/jekyll
+
+This product includes software from https://www.latofonts.com (SIL Open Font 
License, Version 1.1)
+* Copyright (c) 2010-2011 by Lukasz Dziedzic
diff --git a/_includes/top.html b/_includes/top.html
index 9b21a757382..ad20deb3e80 100644
--- a/_includes/top.html
+++ b/_includes/top.html
@@ -3,16 +3,6 @@
   <head>
     <meta charset="UTF-8">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <meta http-equiv="Content-Security-Policy-Report-Only" content="
-      default-src 'self' data: blob: https://*.apache.org/ 
https://www.apachecon.com/ https://www.communityovercode.org/;
-      script-src 'self' https://*.apache.org/ 
'sha256-zcLnLb0EtdHEeff3LAr93euk343CTrN0BMhlaeAD8yY=' 
'sha256-eeHr1PLkM55qPqkpxjBDHGtxfQf3RvEYoENHzN4IL0Q=';
-      style-src 'self' https://fonts.googleapis.com/ 
'sha256-88sV2hhBstoYcag54b2hPpN+Oei7wd2Roz3k+RXEAfk=' 
'sha256-B3D8HD6PV1HtGZ5Z3qkXsN6p/LAiwBn9jehRuPkMBhQ=' 
'sha256-qo7STIM1L/OgU9y0De47mqod1UZFLJfTn36bRC42rfA=';
-      frame-ancestors 'self';
-      frame-src 'self' data: blob:;
-      img-src 'self' data: https://*.apache.org/;
-      worker-src 'self' data: blob:;
-      connect-src 'self' https://*.apache.org/ https://api.github.com/;
-      font-src 'self' https://*.apache.org/ https://fonts.gstatic.com/;";>
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <!-- The above meta tags *must* come first in the head; any other head 
content must come *after* these tags -->
     {% if page.title %}
@@ -88,8 +78,6 @@
       onUpdate();
     </script>
 
-    <link rel="stylesheet" 
href="https://fonts.googleapis.com/css?family=Lato:300,300italic,400,400italic,700,700italic,900";>
-
     <link href="{{ site.baseurl }}/css/main.css" rel="stylesheet">
     <link href="{{ site.baseurl }}/css/syntax.css" rel="stylesheet">
     <script src="{% link /javascript/main.js %}"></script>
diff --git a/assets/fonts/lato-v24-latin-italic.woff2 
b/assets/fonts/lato-v24-latin-italic.woff2
new file mode 100644
index 00000000000..851630ff856
Binary files /dev/null and b/assets/fonts/lato-v24-latin-italic.woff2 differ
diff --git a/assets/fonts/lato-v24-latin-regular.woff2 
b/assets/fonts/lato-v24-latin-regular.woff2
new file mode 100644
index 00000000000..ff60934dd0e
Binary files /dev/null and b/assets/fonts/lato-v24-latin-regular.woff2 differ
diff --git a/css/main.scss b/css/main.scss
index ffe40235ab2..21e7466c20a 100644
--- a/css/main.scss
+++ b/css/main.scss
@@ -22,6 +22,22 @@ body {
   line-height: 1.52;
 }
 
+@font-face {
+  font-display: swap;
+  font-family: Lato;
+  font-style: normal;
+  font-weight: 400;
+  src: url('/assets/fonts/lato-v24-latin-regular.woff2') format('woff2');
+}
+
+@font-face {
+  font-display: swap;
+  font-family: Lato;
+  font-style: italic;
+  font-weight: 400;
+  src: url('/assets/fonts/lato-v24-latin-italic.woff2') format('woff2');
+}
+
 .footer {
   font-size: .8em;
 }

Reply via email to