[jira] [Commented] (CAY-2903) The Content-Security-Policy header must not be overridden

Sebb (Jira) Tue, 28 Oct 2025 16:10:07 -0700


    [ 
https://issues.apache.org/jira/browse/CAY-2903?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18033703#comment-18033703
 ]


Sebb commented on CAY-2903:
---------------------------

Please note that the policy says that any exceptions must have been approved, 
and a reference to the approval must be commented in the .htaccess file

> The Content-Security-Policy header must not be overridden
> ---------------------------------------------------------
>
>                 Key: CAY-2903
>                 URL: https://issues.apache.org/jira/browse/CAY-2903
>             Project: Cayenne
>          Issue Type: Bug
>          Components: Website
>            Reporter: Sebb
>            Priority: Major
>
> [https://github.com/apache/cayenne-website/blob/5f78f97850f4ca2eb0383cb7b1a75d4521c04dc6/.htaccess#L89]
> The Content-Security-Policy header must not be overridden.
> There is now a standard way to add local exceptions to the CSP:
> [https://infra.apache.org/tools/csp.html]
> Please update the .htaccess file accordingly.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CAY-2903) The Content-Security-Policy header must not be overridden

Reply via email to