svn commit: r1926637 - /poi/site/publish/.htaccess

Sun, 22 Jun 2025 03:41:20 -0700 

Author: fanningpj
Date: Sun Jun 22 10:21:04 2025
New Revision: 1926637

URL: http://svn.apache.org/viewvc?rev=1926637&view=rev
Log:
change CSP header

Modified:
    poi/site/publish/.htaccess

Modified: poi/site/publish/.htaccess
URL: 
http://svn.apache.org/viewvc/poi/site/publish/.htaccess?rev=1926637&r1=1926636&r2=1926637&view=diff
==============================================================================
--- poi/site/publish/.htaccess (original)
+++ poi/site/publish/.htaccess Sun Jun 22 10:21:04 2025
@@ -27,7 +27,8 @@ RewriteRule ^apidocs/(overview*)$ /apido
 Header set Strict-Transport-Security "max-age=31536000"
 # long term CSP header but not detailed enough
 # Header set Content-Security-Policy "frame-src 'self' ;"
-Header set Content-Security-Policy "default-src 'self' https://poi.apache.org/ 
; style-src 'self' https://poi.apache.org/ 'unsafe-inline' ; script-src 'self' 
https://poi.apache.org/ 'unsafe-inline' ; frame-src 'self' ;"
+# CSP header based on the default applied by ASF Infra team
+Header set Content-Security-Policy "default-src 'self' data: blob: 
'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ 
https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ 
https://*.scarf.sh/ ; script-src 'self' data: blob: 'unsafe-inline' 
'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ 
https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; style-src 
'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ 
https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ 
https://*.scarf.sh/ ; frame-ancestors 'self'; frame-src 'self' data: blob: 
'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ 
https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ 
https://*.scarf.sh/ ; worker-src 'self' data: blob:;"
 Header always set X-Frame-Options SAMEORIGIN
 Header set X-Content-Type-Options nosniff
 Header set X-XSS-Protection "1; mode=block"



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to