[jira] [Updated] (GROOVY-11773) Search on groovy.apache.org broken due to CSP violation

Eric Milles (Jira) Wed, 25 Feb 2026 15:57:10 -0800


     [ 
https://issues.apache.org/jira/browse/GROOVY-11773?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Eric Milles updated GROOVY-11773:
---------------------------------
    Labels: web  (was: )

> Search on groovy.apache.org broken due to CSP violation
> -------------------------------------------------------
>
>                 Key: GROOVY-11773
>                 URL: https://issues.apache.org/jira/browse/GROOVY-11773
>             Project: Groovy
>          Issue Type: Bug
>         Environment: macOS; Brave (Browser)
>            Reporter: Gerd Aschemann
>            Priority: Major
>              Labels: web
>
> When opening the [search page|https://groovy.apache.org/search.html] on the 
> [Apache Groovy Site|https://groovy.apache.org/], it does not show a search 
> form/button. Instead an error is printed to the (Browser) console:
>  
> {code:java}
> search.html:77 Refused to load the script 
> 'https://www.google.com/cse/cse.js?cx=0139398…:hbhn__olhii' because it 
> violates the following Content Security Policy directive: "script-src 'self' 
> data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ 
> https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ 
> https://*.scarf.sh/";. Note that 'script-src-elem' was not explicitly set, so 
> 'script-src' is used as a fallback.
> (anonymous)@search.html:77(anonymous)@search.html:78 {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (GROOVY-11773) Search on groovy.apache.org broken due to CSP violation

Reply via email to