This is an automated email from the ASF dual-hosted git repository. rusackas pushed a commit to branch chore/remove-unused-csp-domain in repository https://gitbox.apache.org/repos/asf/superset.git
commit 5e7fe3391c45811759d3644e4812c02312a38e20 Author: Evan Rusackas <[email protected]> AuthorDate: Tue Dec 16 15:16:59 2025 -0800 chore(docs): remove unused *.run.app from CSP The *.run.app domain was never used by the docs site and can be safely removed from the Content-Security-Policy header. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> --- docs/static/.htaccess | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/static/.htaccess b/docs/static/.htaccess index 4012579253..c36c00a002 100644 --- a/docs/static/.htaccess +++ b/docs/static/.htaccess @@ -22,7 +22,7 @@ RewriteRule ^(.*)$ https://superset.apache.org/$1 [R,L] RewriteCond %{HTTP_HOST} ^superset.incubator.apache.org$ [NC] RewriteRule ^(.*)$ https://superset.apache.org/$1 [R=301,L] -Header set Content-Security-Policy "default-src data: blob: 'self' *.apache.org widget.kapa.ai *.githubusercontent.com *.scarf.sh *.googleapis.com *.google.com *.run.app *.gstatic.com *.github.com *.algolia.net *.algolianet.com 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors 'self' *.google.com https://sidebar.bugherd.com; form-action 'self'; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self'; object-src 'none'" +Header set Content-Security-Policy "default-src data: blob: 'self' *.apache.org widget.kapa.ai *.githubusercontent.com *.scarf.sh *.googleapis.com *.google.com *.gstatic.com *.github.com *.algolia.net *.algolianet.com 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors 'self' *.google.com https://sidebar.bugherd.com; form-action 'self'; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self'; object-src 'none'" # REDIRECTS
