kevinjqliu opened a new pull request, #173: URL: https://github.com/apache/datafusion-site/pull/173
This PR adds `https://giscus.app` to the Content Security Policy (CSP) on the `asf-site` branch so the Giscus comments widget can load. Addition to the CSP has been approved by VP Data Privacy on 2026-05-09. ### Context The blog templates and `giscus-consent.js` are already deployed but the CSP currently blocks `giscus.app/client.js`: > Loading the script 'https://giscus.app/client.js' violates the following Content Security Policy directive: "script-src 'self' …" Per [ASF CSP docs](https://infra.apache.org/tools/csp.html), this adds `SetEnv CSP_PROJECT_DOMAINS` to the root `.htaccess`. **Why this PR targets `asf-site`:** The Pelican publish workflow only replaces the `output/` directory on `asf-site` — it never touches root-level files like `.htaccess`. The `.htaccess` that the web server reads lives at the root of `asf-site`, so the CSP change must be committed directly to that branch. Relates to #80, #104 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
