(pulsar-site) branch main updated: fix: Add Algolia domains to CSP config for DocSearch (#1082)

[penghui]

This is an automated email from the ASF dual-hosted git repository.

penghui pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/pulsar-site.git


The following commit(s) were added to refs/heads/main by this push:
     new cf005da2a1e fix: Add Algolia domains to CSP config for DocSearch 
(#1082)
cf005da2a1e is described below

commit cf005da2a1ebe7f3d8a6aa517c421c879f2a1571
Author: Penghui Li <peng...@apache.org>
AuthorDate: Mon Jan 26 10:38:02 2026 -0800

    fix: Add Algolia domains to CSP config for DocSearch (#1082)
    
    The Content-Security-Policy header was blocking Algolia DocSearch scripts
    and API requests, causing the search functionality to not work on the
    documentation site.
    
    This fix adds the required Algolia domains to both script-src and
    connect-src directives in the CSP header.
    
    Issue: Search functionality not working on pulsar.apache.org
---
 static/.htaccess | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/static/.htaccess b/static/.htaccess
index c8b4fac5b62..25f27322b56 100755
--- a/static/.htaccess
+++ b/static/.htaccess
@@ -32,5 +32,5 @@ RewriteRule "^contributing/?$" "/contribute" [R=301,DPI,L]
 RewriteRule "^pulsar-manager-release-notes/?$" "/release-notes" [R=301,DPI,L]
 
 <IfModule mod_headers.c>
-    Header set Content-Security-Policy "script-src 'self' widget.kapa.ai 
www.google.com https://hcaptcha.com https://*.hcaptcha.com 
https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' 
proxy.kapa.ai kapa-widget-proxy-la7dkmplpq-uc.a.run.app metrics.kapa.ai 
https://hcaptcha.com https://*.hcaptcha.com www.google.com; frame-src 'self' 
www.google.com https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 
'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com;";
+    Header set Content-Security-Policy "script-src 'self' 
https://*.algolia.net https://*.algolianet.com https://*.algolia.io 
widget.kapa.ai www.google.com https://hcaptcha.com https://*.hcaptcha.com 
https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' 
https://*.algolia.net https://*.algolianet.com https://*.algolia.io 
proxy.kapa.ai kapa-widget-proxy-la7dkmplpq-uc.a.run.app metrics.kapa.ai 
https://hcaptcha.com https://*.hcaptcha.com www.google.com; frame-src 'self' w 
[...]
 </IfModule>
\ No newline at end of file