Re: [PR] HBASE-29689 Upgrade the website [hbase]

Wed, 05 Nov 2025 04:35:20 -0800 


PDavid commented on code in PR #7419:
URL: https://github.com/apache/hbase/pull/7419#discussion_r2493937028


##########
src/site/app/root.tsx:
##########
@@ -0,0 +1,106 @@
+import {
+  isRouteErrorResponse,
+  Links,
+  Meta,
+  Outlet,
+  Scripts,
+  ScrollRestoration
+} from "react-router";
+
+import type { Route } from "./+types/root";
+import "./app.css";
+import { SiteFooter } from "./components/site-footer";
+import { SiteNavbar } from "./components/site-navbar";
+import { GettingStartedSection } from "./components/getting-started";
+import { ThemeProvider } from "./lib/theme-provider";
+
+export const links: Route.LinksFunction = () => [
+  { rel: "preconnect", href: "https://fonts.googleapis.com"; },
+  {
+    rel: "preconnect",
+    href: "https://fonts.gstatic.com";,
+    crossOrigin: "anonymous"
+  },
+  {
+    rel: "stylesheet",
+    href: 
"https://fonts.googleapis.com/css2?family=Inter:ital,opsz,wght@0,14..32,100..900;1,14..32,100..900&display=swap";

Review Comment:
   Can we self-host this instead of loading it from CDN? The Apache Software 
Foundation applies a rather strict Content Security Policy which does not allow 
loading this:
   
   ```
   Loading the stylesheet 
'https://fonts.googleapis.com/css2?family=Inter:ital,opsz,wght@0,14..32,100..900;1,14..32,100..900&display=swap'
 violates the following Content Security Policy directive: "style-src 'self' 
data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ 
https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ 
https://*.scarf.sh/";. Note that 'style-src-elem' was not explicitly set, so 
'style-src' is used as a fallback. The action has been blocked.
   ```
   
   This is the ASF CSP by the way:
   
   ```
   default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' 
https://www.apachecon.com/ https://www.communityovercode.org/ 
https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; script-src 
'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ 
https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ 
https://*.scarf.sh/ ; style-src 'self' data: blob: 'unsafe-inline' 
'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ 
https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; frame-ancestors 
'self'; frame-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' 
https://www.apachecon.com/ https://www.communityovercode.org/ 
https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; worker-src 
'self' data: blob:;
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to