This is an automated email from the ASF dual-hosted git repository. shenghang pushed a commit to branch fix/csp-connect-src in repository https://gitbox.apache.org/repos/asf/seatunnel-website.git
commit bb106b0d5f500d2bda3281d4481f142a8291f809 Author: Shenghang <[email protected]> AuthorDate: Fri Jan 16 22:01:40 2026 +0800 fix: add script-src and connect-src directives to CSP for kapa.ai widget --- .htaccess | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.htaccess b/.htaccess index cc7220a46004..ad7389079604 100644 --- a/.htaccess +++ b/.htaccess @@ -1,3 +1,3 @@ ErrorDocument 404 /404.html -Header set Content-Security-Policy "default-src data: blob: 'self' *.apache.org *.kapa.ai *.githubusercontent.com *.googleapis.com *.google.com *.run.app *.gstatic.com *.github.com https://hcaptcha.com https://*.hcaptcha.com *.algolia.net *.algolianet.com *.apachecon.com *.communityovercode.org 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors 'self' *.google.com; worker-src 'self' data: blob:; img-src 'self' blob: data: https:; font-src 'self' data: blob:; object-src 'none'" +Header set Content-Security-Policy "default-src data: blob: 'self' *.apache.org *.kapa.ai *.githubusercontent.com *.googleapis.com *.google.com *.run.app *.gstatic.com *.github.com https://hcaptcha.com https://*.hcaptcha.com *.algolia.net *.algolianet.com *.apachecon.com *.communityovercode.org 'unsafe-inline' 'unsafe-eval'; script-src data: blob: 'self' *.apache.org *.kapa.ai *.githubusercontent.com *.googleapis.com *.google.com *.run.app *.gstatic.com *.github.com https://hcaptcha.com [...]
