This is an automated email from the ASF dual-hosted git repository.

ianmcook pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-site.git


The following commit(s) were added to refs/heads/main by this push:
     new d74e822f1b5  Try fix Content Security Policy errors (take 9) (#603)
d74e822f1b5 is described below

commit d74e822f1b5936227b53b667e510cd0e93c95098
Author: Ian Cook <[email protected]>
AuthorDate: Thu Feb 20 12:01:12 2025 -0700

     Try fix Content Security Policy errors (take 9) (#603)
    
    This should be the final one of these PRs. It removes the dynamic GitHub
    star button which included the star count (because this violated the
    [ASF CSP](https://infra.apache.org/csp.html) by trying to retrieve
    content from the [GitHub API](https://api.github.com/)) and replaces it
    with an entirely static self-hosted button (like the LinkedIn and X
    buttons). This also removes the last of the attempts to experiment with
    setting a custom CSP, and just uses the default ASF CSP.
---
 .htaccess                   | 11 -----------
 _includes/socials.html      |  8 +++++---
 _layouts/home.html          |  1 -
 assets/buttons/buttons.html |  1 -
 assets/buttons/buttons.js   | 29 -----------------------------
 5 files changed, 5 insertions(+), 45 deletions(-)

diff --git a/.htaccess b/.htaccess
index 381bb1ced01..327ebb6c3c7 100644
--- a/.htaccess
+++ b/.htaccess
@@ -24,14 +24,3 @@ Redirect permanent /datafusion-python 
https://datafusion.apache.org/python
 
 # redirect all ballista URLs to new website
 Redirect permanent /ballista https://datafusion.apache.org/ballista
-
-# fix Safari Content Security Policy errors
-Header add Content-Security-Policy-Report-Only "default-src 'self' data: blob: 
https://*.apache.org/ https://www.apachecon.com/ 
https://www.communityovercode.org/; \
-  script-src 'self' https://*.apache.org/ 
'sha256-zcLnLb0EtdHEeff3LAr93euk343CTrN0BMhlaeAD8yY=' 
'sha256-eeHr1PLkM55qPqkpxjBDHGtxfQf3RvEYoENHzN4IL0Q='; \
-  style-src 'self' 'sha256-88sV2hhBstoYcag54b2hPpN+Oei7wd2Roz3k+RXEAfk=' 
'sha256-B3D8HD6PV1HtGZ5Z3qkXsN6p/LAiwBn9jehRuPkMBhQ=' 
'sha256-qo7STIM1L/OgU9y0De47mqod1UZFLJfTn36bRC42rfA='; \
-  frame-ancestors 'self'; \
-  frame-src 'self' data: blob:; \
-  img-src 'self' data: https://*.apache.org/; \
-  worker-src 'self' data: blob:; \
-  connect-src 'self' https://*.apache.org/ https://api.github.com/; \
-  font-src 'self' https://*.apache.org/;";
diff --git a/_includes/socials.html b/_includes/socials.html
index 33e255435a4..7915012ec95 100644
--- a/_includes/socials.html
+++ b/_includes/socials.html
@@ -28,12 +28,14 @@ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY 
WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 {% endcomment %}
 <div class="social-badges">
-  <div class="social-badge"> <!-- GitHub -->
-    <a class="github-button" href="https://github.com/apache/arrow"; 
data-size="large" data-show-count="true" aria-label="Star apache/arrow on 
GitHub">Star</a>
-  </div>
   <style type="text/css">
     .custom-social-badge{display:inline;padding:4px}.custom-social-badge 
a{text-decoration:none;outline:0}.custom-social-badge 
.widget{display:inline-block;overflow:hidden;font-family:-apple-system,BlinkMacSystemFont,Segoe
 
UI,Helvetica,Arial,sans-serif;font-size:0;line-height:0;white-space:nowrap}.custom-social-badge
 .btn:not(:last-child){border-radius:.25em 0 0 .25em}.custom-social-badge 
.widget-lg .btn{height:28px;padding:5px 
10px;font-size:12px;line-height:16px}.custom-social-badge .b [...]
   </style>
+  <div class="custom-social-badge"> <!-- GitHub -->
+    <span>
+      <div class="widget widget-lg"><a class="btn" 
href="https://github.com/apache/arrow"; rel="noopener" target="_blank" 
target="_blank" aria-label="Star Apache Arrow on GitHub"><svg 
xmlns="http://www.w3.org/2000/svg"; width="16" height="16" viewBox="0 0 16 16" 
fill="none" role="img" aria-hidden="true"><path d="M8 0c4.42 0 8 3.58 8 8a8.013 
8.013 0 0 1-5.45 7.59c-.4.08-.55-.17-.55-.38 0-.27.01-1.13.01-2.2 
0-.75-.25-1.23-.54-1.48 1.78-.2 3.65-.88 3.65-3.95 
0-.88-.31-1.59-.82-2.15.08-.2.36-1 [...]
+    </span>
+  </div>
   <div class="custom-social-badge"> <!-- LinkedIn -->
     <span>
       <div class="widget widget-lg"><a class="btn" 
href="https://www.linkedin.com/company/apache-arrow/"; rel="noopener" 
target="_blank" aria-label="Follow Apache Arrow on LinkedIn"><svg 
xmlns="http://www.w3.org/2000/svg"; width="16" height="16" viewBox="0 0 16 16" 
fill="none" role="img" aria-hidden="true"><path d="M14.5455 0H1.45455C0.650909 
0 0 0.650909 0 1.45455V14.5455C0 15.3491 0.650909 16 1.45455 16H14.5455C15.3491 
16 16 15.3491 16 14.5455V1.45455C16 0.650909 15.3491 0 14.5455 0ZM5.0 [...]
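Review bot: The added GitHub anchor sets `target="_blank"` twice; parsers keep the first and discard the duplicate, but it is a validation error, so the second `target="_blank"` should be dropped. Because the link opens a third-party origin in a new tab, `rel="noopener noreferrer"` would additionally stop the Referer header from being sent; the LinkedIn anchor in the context lines uses plain `rel="noopener"` as well, so the two could be changed together. The new `<svg>` also combines `role="img"` with `aria-hidden="true"`, which contradict each other; `aria-hidden="true"` alone is enough, since the anchor already has an `aria-label`. Separately, the inline `<style>` block kept as context just above now depends entirely on the default ASF CSP, so it is worth confirming that policy permits inline styles or moving these rules into a self-hosted stylesheet.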
diff --git a/_layouts/home.html b/_layouts/home.html
index feb92b7c5d0..0ae288369ea 100644
--- a/_layouts/home.html
+++ b/_layouts/home.html
@@ -20,6 +20,5 @@
     {% include footer.html %}
   </div>
 
-<script async defer src="{{ site.baseurl 
}}/assets/buttons/buttons.js"></script>
 </body>
 </html>
diff --git a/assets/buttons/buttons.html b/assets/buttons/buttons.html
deleted file mode 100644
index 6eecc76cc8b..00000000000
--- a/assets/buttons/buttons.html
+++ /dev/null
@@ -1 +0,0 @@
-<!doctype html><meta charset=utf-8><title>​</title><meta name=robots 
content=noindex><body><script src=buttons.js></script>
\ No newline at end of file
diff --git a/assets/buttons/buttons.js b/assets/buttons/buttons.js
deleted file mode 100644
index c82fbd8659f..00000000000
--- a/assets/buttons/buttons.js
+++ /dev/null
@@ -1,29 +0,0 @@
-/*!
- * github-buttons v2.29.1
- * Copyright (c) 2025, ăȘă€ă
- * All rights reserved.
- * 
- * BSD 2-Clause License
-
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
this
-     list of conditions and the following disclaimer.
- *
- * * Redistributions in binary form must reproduce the above copyright notice,
-     this list of conditions and the following disclaimer in the documentation
-    and/or other materials provided with the distribution.
-
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 
USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE
- */
-!function(){"use strict";var 
e=window.document,o=e.location,t=window.Math,r=window.HTMLElement,a=window.XMLHttpRequest,n="github-button",i="https://arrow.apache.org/assets/buttons/buttons.html",c="github.com",l="https://api."+c,d=a&&"prototype"in
 a&&"withCredentials"in a.prototype,s=d&&r&&"attachShadow"in 
r.prototype&&!("prototype"in r.prototype.attachShadow),u=function(e,o){for(var 
t=0,r=e.length;t<r;t++)o(e[t])},f=function(e){return function(o,t,r){var 
a=e.createElement(o);if(null!=t)f [...]
