Author: fanningpj
Date: Sun Jun 22 10:29:31 2025
New Revision: 1926639
URL: http://svn.apache.org/viewvc?rev=1926639&view=rev
Log:
revert CSP header
Modified:
poi/site/publish/.htaccess
Modified: poi/site/publish/.htaccess
URL:
http://svn.apache.org/viewvc/poi/site/publish/.htaccess?rev=1926639&r1=1926638&r2=1926639&view=diff
==============================================================================
--- poi/site/publish/.htaccess (original)
+++ poi/site/publish/.htaccess Sun Jun 22 10:29:31 2025
@@ -26,7 +26,7 @@ RewriteRule ^apidocs/(overview*)$ /apido
# Security Headers
Header set Strict-Transport-Security "max-age=31536000"
# long term CSP header but not detailed enough
-Header set Content-Security-Policy "frame-src 'self' ; script-src 'self'"
+Header set Content-Security-Policy "frame-src 'self'"
# CSP header based on the default applied by ASF Infra team
# Header set Content-Security-Policy "default-src 'self' data: blob:
'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/
https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/
https://*.scarf.sh/ ; script-src 'self' data: blob: 'unsafe-inline'
'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/
https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; style-src
'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/
https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/
https://*.scarf.sh/ ; frame-ancestors 'self'; frame-src 'self' data: blob:
'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/
https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/
https://*.scarf.sh/ ; worker-src 'self' data: blob:;"
Header always set X-Frame-Options SAMEORIGIN
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
