This is an automated email from the ASF dual-hosted git repository. rusackas pushed a commit to branch fix-kapa-widget in repository https://gitbox.apache.org/repos/asf/superset.git
commit d61d12608a3aeed6ee9deece912ecf25db63e222 Author: Evan Rusackas <[email protected]> AuthorDate: Mon Mar 17 10:55:42 2025 -0600 fix(docs): poking a CSP hole for Kapa AI widget --- docs/static/.htaccess | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/static/.htaccess b/docs/static/.htaccess index 179d9a0472..2b66800a88 100644 --- a/docs/static/.htaccess +++ b/docs/static/.htaccess @@ -22,7 +22,7 @@ RewriteRule ^(.*)$ https://superset.apache.org/$1 [R,L] RewriteCond %{HTTP_HOST} ^superset.incubator.apache.org$ [NC] RewriteRule ^(.*)$ https://superset.apache.org/$1 [R=301,L] -Header set Content-Security-Policy "default-src data: blob: 'self' *.apache.org *.githubusercontent.com *.scarf.sh *.googleapis.com *.github.com *.algolia.net *.algolianet.com 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors 'self' *.google.com https://sidebar.bugherd.com; form-action 'self'; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self'; object-src 'none'" +Header set Content-Security-Policy "default-src data: blob: 'self' *.apache.org widget.kapa.ai *.githubusercontent.com *.scarf.sh *.googleapis.com *.github.com *.algolia.net *.algolianet.com 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors 'self' *.google.com https://sidebar.bugherd.com; form-action 'self'; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self'; object-src 'none'" # REDIRECTS
