Author: fanningpj
Date: Sun Jun 22 10:24:13 2025
New Revision: 1926638

URL: http://svn.apache.org/viewvc?rev=1926638&view=rev
Log:
change CSP header

Modified:
    poi/site/publish/.htaccess

Modified: poi/site/publish/.htaccess
URL: 
http://svn.apache.org/viewvc/poi/site/publish/.htaccess?rev=1926638&r1=1926637&r2=1926638&view=diff
==============================================================================
--- poi/site/publish/.htaccess (original)
+++ poi/site/publish/.htaccess Sun Jun 22 10:24:13 2025
@@ -26,9 +26,9 @@ RewriteRule ^apidocs/(overview*)$ /apido
 # Security Headers
 Header set Strict-Transport-Security "max-age=31536000"
 # long term CSP header but not detailed enough
-# Header set Content-Security-Policy "frame-src 'self' ;"
+Header set Content-Security-Policy "frame-src 'self' ; script-src 'self'"
 # CSP header based on the default applied by ASF Infra team
-Header set Content-Security-Policy "default-src 'self' data: blob: 
'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ 
https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ 
https://*.scarf.sh/ ; script-src 'self' data: blob: 'unsafe-inline' 
'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ 
https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; style-src 
'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ 
https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ 
https://*.scarf.sh/ ; frame-ancestors 'self'; frame-src 'self' data: blob: 
'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ 
https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ 
https://*.scarf.sh/ ; worker-src 'self' data: blob:;"
+# Header set Content-Security-Policy "default-src 'self' data: blob: 
'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ 
https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ 
https://*.scarf.sh/ ; script-src 'self' data: blob: 'unsafe-inline' 
'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ 
https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; style-src 
'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ 
https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ 
https://*.scarf.sh/ ; frame-ancestors 'self'; frame-src 'self' data: blob: 
'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ 
https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ 
https://*.scarf.sh/ ; worker-src 'self' data: blob:;"
 Header always set X-Frame-Options SAMEORIGIN
 Header set X-Content-Type-Options nosniff
 Header set X-XSS-Protection "1; mode=block"
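Review bot: The new policy on the `+Header set Content-Security-Policy` line names only `frame-src` and `script-src`, and because it carries no `default-src`, every other fetch directive (style-src, img-src, connect-src, font-src, object-src) and `base-uri` is left unrestricted, whereas the policy it replaces constrained all of them through `default-src 'self' …`. If dropping the fallback is intentional so that the `*.scarf.sh` and `*.apache.org` assets from the old allowlist keep loading, the low-risk additions are still `object-src 'none'; base-uri 'self'`, e.g. `Header always set Content-Security-Policy "frame-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"`, with `always` so the header is also sent on Apache-generated error responses, matching the `Header always set X-Frame-Options` line in the same block. `script-src 'self'` with no `'unsafe-inline'` blocks any inline script on the site; I cannot tell from the hunk whether the pages carry one, so shipping the same value first as `Content-Security-Policy-Report-Only` would confirm that before enforcement. The two comments above the changed lines are now swapped relative to what they describe: "long term CSP header but not detailed enough" now heads the active policy and "based on the default applied by ASF Infra team" heads the commented-out one, so both should be updated.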


