singhpk234 commented on issue #941: URL: https://github.com/apache/polaris/issues/941#issuecomment-2635142316
@HonahX thank you for your question ! as you will see the default CSP policy which is getting applied when rendering https://polaris.apache.org/in-dev/unreleased/rest-catalog-open-api/ is ``` "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.apache.org/"; ``` which our current script violate (Note this doesn't get applied to developement env), to replicate this please go to hugo.yaml and add this to the end before rendering your websire ``` server: headers: for: /** values: Content-Security-Policy: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.apache.org/"; ``` To mitigate this add this policy ``` server: headers: for: /** values: Content-Security-Policy: >2 script-src 'self' https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval' https://analytics.apache.org/ https://cdn.jsdelivr.net ``` P.S Not an expert in this area :P, please take this with a grain of salt ! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
