(seatunnel-website) branch fix/csp-connect-src updated: fix: update Content-Security-Policy in .htaccess for improved security and widget support

Fri, 16 Jan 2026 16:18:41 -0800 

This is an automated email from the ASF dual-hosted git repository.

shenghang pushed a commit to branch fix/csp-connect-src
in repository https://gitbox.apache.org/repos/asf/seatunnel-website.git


The following commit(s) were added to refs/heads/fix/csp-connect-src by this 
push:
     new 6476303e9dd1 fix: update Content-Security-Policy in .htaccess for 
improved security and widget support
6476303e9dd1 is described below

commit 6476303e9dd1dcc3a3583d0ea096753381fa27f8
Author: Shenghang <[email protected]>
AuthorDate: Sat Jan 17 08:17:27 2026 +0800

    fix: update Content-Security-Policy in .htaccess for improved security and 
widget support
---
 .htaccess | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/.htaccess b/.htaccess
index ad7389079604..2549e58a3017 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,3 +1,13 @@
 ErrorDocument 404 /404.html
 
-Header set Content-Security-Policy "default-src data: blob: 'self' 
*.apache.org *.kapa.ai *.githubusercontent.com *.googleapis.com *.google.com 
*.run.app *.gstatic.com *.github.com https://hcaptcha.com 
https://*.hcaptcha.com *.algolia.net *.algolianet.com *.apachecon.com 
*.communityovercode.org 'unsafe-inline' 'unsafe-eval'; script-src data: blob: 
'self' *.apache.org *.kapa.ai *.githubusercontent.com *.googleapis.com 
*.google.com *.run.app *.gstatic.com *.github.com https://hcaptcha.com  [...]
+<IfModule mod_headers.c>
+    Header set Content-Security-Policy "default-src 'self' data: blob: 
*.apache.org *.kapa.ai *.githubusercontent.com *.googleapis.com *.google.com 
*.run.app *.gstatic.com *.github.com https://hcaptcha.com 
https://*.hcaptcha.com *.apachecon.com *.communityovercode.org 'unsafe-inline' 
'unsafe-eval'; \
+script-src 'self' 'unsafe-inline' 'unsafe-eval' widget.kapa.ai www.google.com 
https://hcaptcha.com https://*.hcaptcha.com https://www.gstatic.com; \
+connect-src 'self' proxy.kapa.ai kapa-widget-proxy-la7dkmplpq-uc.a.run.app 
metrics.kapa.ai *.algolia.net *.algolianet.com https://hcaptcha.com 
https://*.hcaptcha.com www.google.com; \
+frame-src 'self' * www.google.com https://hcaptcha.com https://*.hcaptcha.com; 
\
+frame-ancestors 'self' *.google.com; \
+worker-src 'self' data: blob:; \
+img-src 'self' blob: data: https:; \
+font-src 'self' data: blob:; \
+object-src 'none'"
+</IfModule>
\ No newline at end of file

Reply via email to