The CSP restrictions are explained here: https://infra.apache.org/csp.html
You can have the badges on the project home page in GitHub. On Sat, 21 Jun 2025 at 07:18, Stefan Krawczyk <[email protected]> wrote: > > Hi, > > We can't display the badges on hamilton.apache.org due to some content > security policy (CSP) on the webserver. > > i.e. in the console you see: > > > > > > > > > *Refused to load the image > 'https://img.shields.io/badge/Join-Hamilton_Slack-brightgreen?logo=slack > <https://img.shields.io/badge/Join-Hamilton_Slack-brightgreen?logo=slack>' > because it violates the following Content Security Policy directive: > "img-src 'self' data: https://www.apache.org/ <https://www.apache.org/> > https://www.apachecon.com/ <https://www.apachecon.com/>".Understand this > errorhamilton.staged.apache.org/:638 > <http://hamilton.staged.apache.org/:638> Refused to load the image > 'https://img.shields.io/twitter/url/http/shields.io.svg?style=social > <https://img.shields.io/twitter/url/http/shields.io.svg?style=social>' > because it violates the following Content Security Policy directive: > "img-src 'self' data: https://www.apache.org/ <https://www.apache.org/> > https://www.apachecon.com/ <https://www.apachecon.com/>".Understand this > errorhamilton.staged.apache.org/:638 > <http://hamilton.staged.apache.org/:638> Refused to load the image > 'https://pepy.tech/badge/sf-hamilton <https://pepy.tech/badge/sf-hamilton>' > because it violates the following Content Security Policy directive: > "img-src 'self' data: https://www.apache.org/ <https://www.apache.org/> > https://www.apachecon.com/ <https://www.apachecon.com/>".Understand this > errorhamilton.staged.apache.org/:638 > <http://hamilton.staged.apache.org/:638> Refused to load the image > 'https://static.pepy.tech/badge/sf-hamilton/month > <https://static.pepy.tech/badge/sf-hamilton/month>' because it violates the > following Content Security Policy directive: "img-src 'self' data: > https://www.apache.org/ <https://www.apache.org/> > https://www.apachecon.com/ <https://www.apachecon.com/>".Understand this > error* > > Gemini says that we'd need to add the domains here to be allowed. Is that > something we can do / change? > > Cheers, > > Stefan
