(seatunnel-website) branch asf-site updated: Update Content-Security-Policy in .htaccess

Fri, 16 Jan 2026 16:10:34 -0800 

This is an automated email from the ASF dual-hosted git repository.

shenghang pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/seatunnel-website.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new 8f3374746a8f Update Content-Security-Policy in .htaccess
8f3374746a8f is described below

commit 8f3374746a8fe76ad2adb479307ecc832cf0ee76
Author: Jast <[email protected]>
AuthorDate: Sat Jan 17 08:10:22 2026 +0800

    Update Content-Security-Policy in .htaccess
---
 .htaccess | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/.htaccess b/.htaccess
index ad7389079604..da2f0b04f44f 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,3 +1,13 @@
 ErrorDocument 404 /404.html
 
-Header set Content-Security-Policy "default-src data: blob: 'self' 
*.apache.org *.kapa.ai *.githubusercontent.com *.googleapis.com *.google.com 
*.run.app *.gstatic.com *.github.com https://hcaptcha.com 
https://*.hcaptcha.com *.algolia.net *.algolianet.com *.apachecon.com 
*.communityovercode.org 'unsafe-inline' 'unsafe-eval'; script-src data: blob: 
'self' *.apache.org *.kapa.ai *.githubusercontent.com *.googleapis.com 
*.google.com *.run.app *.gstatic.com *.github.com https://hcaptcha.com  [...]
+<IfModule mod_headers.c>
+    Header set Content-Security-Policy "default-src 'self' data: blob: 
*.apache.org *.kapa.ai *.githubusercontent.com *.googleapis.com *.google.com 
*.run.app *.gstatic.com *.github.com https://hcaptcha.com 
https://*.hcaptcha.com *.algolia.net *.algolianet.com *.apachecon.com 
*.communityovercode.org 'unsafe-inline' 'unsafe-eval'; \
+script-src 'self' 'unsafe-inline' 'unsafe-eval' widget.kapa.ai www.google.com 
https://hcaptcha.com https://*.hcaptcha.com https://www.gstatic.com; \
+connect-src 'self' proxy.kapa.ai kapa-widget-proxy-la7dkmplpq-uc.a.run.app 
metrics.kapa.ai *.algolia.net *.algolianet.com https://hcaptcha.com 
https://*.hcaptcha.com www.google.com; \
+frame-src 'self' * www.google.com https://hcaptcha.com https://*.hcaptcha.com; 
\
+frame-ancestors 'self' *.google.com; \
+worker-src 'self' data: blob:; \
+img-src 'self' blob: data: https:; \
+font-src 'self' data: blob:; \
+object-src 'none'"
+</IfModule>

Reply via email to