This is an automated email from the ASF dual-hosted git repository.
alamb pushed a commit to branch production
in repository https://gitbox.apache.org/repos/asf/parquet-site.git
The following commit(s) were added to refs/heads/production by this push:
new be3a85b Vendor jQuery and Lunr.js locally for CSP compliance (#169)
be3a85b is described below
commit be3a85b74bf8efd85acf910e5c711a2dd834d8d3
Author: Vinoo Ganesh <[email protected]>
AuthorDate: Sun Feb 22 17:11:44 2026 -0500
Vendor jQuery and Lunr.js locally for CSP compliance (#169)
Apache's Content Security Policy on parquet.apache.org blocks scripts
from external CDNs. Docsy loads jQuery from code.jquery.com and Lunr
from unpkg.com, both of which get blocked, breaking all JS on the
production site.
This vendors both libraries in static/js/ and overrides Docsy's
head.html to load them from the site itself. Same versions, just
self-hosted.
jQuery is still needed — Docsy's base.js and offline-search.js both
depend on it (see google/docsy#1436 for their effort to drop it).
Part of #163
---
layouts/partials/head.html | 55 +++++++++++++++++++++++++++++++++++++++++++
static/js/jquery-3.7.1.min.js | 2 ++
static/js/lunr-2.3.9.min.js | 6 +++++
3 files changed, 63 insertions(+)
diff --git a/layouts/partials/head.html b/layouts/partials/head.html
new file mode 100644
index 0000000..ca7039d
--- /dev/null
+++ b/layouts/partials/head.html
@@ -0,0 +1,55 @@
+{{/*
+ Project-level override of Docsy's layouts/_partials/head.html
+
+ Why this file exists:
+ Apache's Content Security Policy (CSP) blocks resources from external CDNs.
+ The upstream Docsy theme loads jQuery from code.jquery.com and Lunr from
+ unpkg.com, both of which are blocked on parquet.apache.org. This override
+ loads vendored copies from static/js/ instead. It also removes the Algolia
+ DocSearch CSS block since we use Lunr offline search.
+
+ See: https://github.com/apache/parquet-site/issues/163
+*/ -}}
+{{/* cSpell:ignore docsearch opengraph outputformat */ -}}
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1,
shrink-to-fit=no">
+{{ range .AlternativeOutputFormats -}}
+<link rel="{{ .Rel }}" type="{{ .MediaType.Type }}" href="{{ .Permalink |
safeURL }}">
+{{ end -}}
+
+{{ $outputFormat := partial "outputformat.html" . -}}
+{{ if and hugo.IsProduction (ne $outputFormat "print") -}}
+<meta name="robots" content="index, follow">
+{{ else -}}
+<meta name="robots" content="noindex, nofollow">
+{{ end -}}
+
+{{ partialCached "favicons.html" . }}
+<title>
+ {{- if .IsHome -}}
+ {{ .Site.Title -}}
+ {{ else -}}
+ {{ with .Title }}{{ . }} | {{ end -}}
+ {{ .Site.Title -}}
+ {{ end -}}
+</title>
+<meta name="description" content="{{ partial "page-description.html" . }}">
+{{ partial "opengraph.html" . -}}
+{{ partial "schema.html" . -}}
+{{ partial "twitter_cards.html" . -}}
+{{ partialCached "head-css.html" . "head-css-cache-key" -}}
+<script src="{{ "js/jquery-3.7.1.min.js" | relURL }}"></script>
+{{ if .Site.Params.offlineSearch -}}
+<script defer src="{{ "js/lunr-2.3.9.min.js" | relURL }}"></script>
+{{ end -}}
+
+{{ if .Site.Params.prism_syntax_highlighting -}}
+<link rel="stylesheet" href="{{ "css/prism.css" | relURL }}"/>
+{{ end -}}
+
+{{ partial "hooks/head-end.html" . -}}
+
+{{/* To comply with GDPR, cookie consent scripts places in head-end must
execute before Google Analytics is enabled */ -}}
+{{ if hugo.IsProduction -}}
+ {{ partial "google_analytics.html" . -}}
+{{ end -}}
diff --git a/static/js/jquery-3.7.1.min.js b/static/js/jquery-3.7.1.min.js
new file mode 100644
index 0000000..7f37b5d
--- /dev/null
+++ b/static/js/jquery-3.7.1.min.js
@@ -0,0 +1,2 @@
+/*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors |
jquery.org/license */
+!function(e,t){"use strict";"object"==typeof module&&"object"==typeof
module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw
new Error("jQuery requires a window with a document");return
t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use
strict";var
oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return
oe.flat.call(e)}:function(e){return
oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue
[...]
diff --git a/static/js/lunr-2.3.9.min.js b/static/js/lunr-2.3.9.min.js
new file mode 100644
index 0000000..cdc94cd
--- /dev/null
+++ b/static/js/lunr-2.3.9.min.js
@@ -0,0 +1,6 @@
+/**
+ * lunr - http://lunrjs.com - A bit like Solr, but much smaller and not as
bright - 2.3.9
+ * Copyright (C) 2020 Oliver Nightingale
+ * @license MIT
+ */
+!function(){var e=function(t){var r=new e.Builder;return
r.pipeline.add(e.trimmer,e.stopWordFilter,e.stemmer),r.searchPipeline.add(e.stemmer),t.call(r,r),r.build()};e.version="2.3.9",e.utils={},e.utils.warn=function(e){return
function(t){e.console&&console.warn&&console.warn(t)}}(this),e.utils.asString=function(e){return
void
0===e||null===e?"":e.toString()},e.utils.clone=function(e){if(null===e||void
0===e)return e;for(var
t=Object.create(null),r=Object.keys(e),i=0;i<r.length;i++){var n [...]
