(incubator-hugegraph-doc) 01/01: fix csp

Fri, 14 Feb 2025 00:11:16 -0800 

This is an automated email from the ASF dual-hosted git repository.

jin pushed a commit to branch fix-cs
in repository https://gitbox.apache.org/repos/asf/incubator-hugegraph-doc.git

commit 24c060e64c8578fe7aa0504bb79558e18fb07b0a
Author: imbajin <j...@apache.org>
AuthorDate: Fri Feb 14 16:11:03 2025 +0800

    fix csp
---
 themes/docsy/layouts/_default/baseof.html | 9 +++++----
 themes/docsy/layouts/partials/head.html   | 7 +++++++
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/themes/docsy/layouts/_default/baseof.html 
b/themes/docsy/layouts/_default/baseof.html
index 44902029..2980b473 100644
--- a/themes/docsy/layouts/_default/baseof.html
+++ b/themes/docsy/layouts/_default/baseof.html
@@ -3,10 +3,11 @@
   <head>
       <!-- To handle CSP policy -->
       <meta http-equiv="Content-Security-Policy"
-            content="script-src 'self' 'unsafe-inline' 'unsafe-eval' 
https://code.jquery.com https://cdn.jsdelivr.net https://fonts.googleapis.com/;
-                    style-src 'self' 'unsafe-inline' https://code.jquery.com 
https://cdn.jsdelivr.net https://fonts.googleapis.com/;
-                    font-src 'self' https://cdn.jsdelivr.net;
-                    img-src 'self' data:">
+            content="
+            script-src 'self' 'unsafe-inline' 'unsafe-eval' 
https://analytics.apache.org https://code.jquery.com https://cdn.jsdelivr.net 
https://fonts.googleapis.com/;
+            style-src 'self' 'unsafe-inline' https://code.jquery.com 
https://cdn.jsdelivr.net https://fonts.googleapis.com/;
+            font-src 'self' https://fonts.googleapis.com/;
+            default-src 'self';">
     {{ partial "head.html" . }}
   </head>
   <body class="td-{{ .Kind }}{{ with .Page.Params.body_class }} {{ . }}{{ end 
}}">
diff --git a/themes/docsy/layouts/partials/head.html 
b/themes/docsy/layouts/partials/head.html
index 7826fd7c..d22b9de5 100644
--- a/themes/docsy/layouts/partials/head.html
+++ b/themes/docsy/layouts/partials/head.html
@@ -1,5 +1,12 @@
 <meta charset="utf-8">
 <meta name="viewport" content="width=device-width, initial-scale=1, 
shrink-to-fit=no">
+<!-- To handle CSP policy -->
+<meta http-equiv="Content-Security-Policy"
+      content="
+      script-src 'self' 'unsafe-inline' 'unsafe-eval' 
https://analytics.apache.org https://code.jquery.com https://cdn.jsdelivr.net 
https://fonts.googleapis.com/;
+      style-src 'self' 'unsafe-inline' https://code.jquery.com 
https://cdn.jsdelivr.net https://fonts.googleapis.com/;
+      font-src 'self' https://fonts.googleapis.com/;
+      default-src 'self';">
 {{ hugo.Generator }}
 {{ range .AlternativeOutputFormats -}}
 <link rel="{{ .Rel }}" type="{{ .MediaType.Type }}" href="{{ .Permalink | 
safeURL }}">

Reply via email to