This is an automated email from the ASF dual-hosted git repository.
fanningpj pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/poi.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 5b18da898d Update .htaccess
5b18da898d is described below
commit 5b18da898da3d9550a416f683341398015948cc3
Author: PJ Fanning <[email protected]>
AuthorDate: Mon Oct 27 17:02:33 2025 +0000
Update .htaccess
---
content/.htaccess | 4 ----
1 file changed, 4 deletions(-)
diff --git a/content/.htaccess b/content/.htaccess
index 59472e5056..bafcff735a 100644
--- a/content/.htaccess
+++ b/content/.htaccess
@@ -26,10 +26,6 @@ RewriteRule ^apidocs/(overview*)$ /apidocs/dev/$1
[R=permanent]
# Security Headers
Header set Strict-Transport-Security "max-age=31536000"
-# long term CSP header but not detailed enough
-# Header set Content-Security-Policy "frame-src 'self'"
-# CSP header based on the default applied by ASF Infra team
-# Header set Content-Security-Policy "default-src 'self' data: blob:
'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/
https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/
https://*.scarf.sh/ ; script-src 'self' data: blob: 'unsafe-inline'
'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/
https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; style-src
'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon. [...]
Header always set X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
Header set X-XSS-Protection "1; mode=block"
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
