ebarboni commented on code in PR #15:
URL: https://github.com/apache/netbeans-antora/pull/15#discussion_r1531819763


##########
supplemental-ui/.htaccess:
##########
@@ -1,5 +1,11 @@
 DirectoryIndex index.html index.asciidoc
 
+## set a policy to allow youtube.com video (avideo block macro reladed + wip)
+<IfModule mod_headers.c>
+Header set Content-Security-Policy "frame-src 'self' https://www.youtube.com "
+</IfModule>
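
Review bot: `Header set` on the added `Content-Security-Policy` line replaces any value already present for that header instead of extending it, and the new value carries only `frame-src`, so directives such as `script-src` or `default-src` set at a higher level would no longer apply to responses served under this .htaccess. Consider modifying the existing header (for example with `Header edit`) or restating the full policy here. Two smaller points in the same hunk: the policy string ends with a stray space before the closing quote, and the comment line has a typo ("reladed").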

Review Comment:
   I tried to look via curl locally and the best way to "edit" the existing CSP that comes from ASF
   
   is to append at the beginning of "frame-src" and "script-src" the URL we want to allow.
   
   The CSP of main ASF can be found there.
   
   https://github.com/apache/infrastructure-p6/blob/22223a2f370937bfbc7607bc965dea349f0befa6/data/roles/tlpserver.yaml#L568C6-L569C7
   
   https://github.com/apache/infrastructure-p6/blob/22223a2f370937bfbc7607bc965dea349f0befa6/data/roles/tlpserver.yaml#L1455
   
   By using edit like this we have a "valid" CSP:
   Header edit Content-Security-Policy "frame-src" "frame-src https://www.youtube.com"
   Header edit Content-Security-Policy "script-src" "script-src https://www.youtube.com"



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
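
The difference between the PR's `Header set` and the `Header edit` lines suggested in the comment, as an added Python example (not code from the PR or from ASF infrastructure). `UPSTREAM` is a constructed stand-in for the server-level policy, and the helper functions are hypothetical models of the string handling only.

```python
import re

# Constructed sample of a server-level policy; NOT the real ASF header.
UPSTREAM = ("default-src 'self'; script-src 'self' 'unsafe-inline'; "
            "frame-src 'self'; frame-ancestors 'self'")

def parse_csp(policy):
    """Map directive name -> list of source expressions."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        # CSP ignores a repeated directive, so only the first one is kept.
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives

def header_set(_current, value):
    """Model of `Header set`: whatever was there before is replaced."""
    return value

def header_edit(current, pattern, replacement):
    """Model of `Header edit`: regex replace of the first match only.
    A missing header, or a value without a match, is left untouched."""
    if current is None:
        return None
    return re.sub(pattern, replacement, current, count=1)

def apply_pr(policy):
    # The line added by the hunk, value copied verbatim.
    return header_set(policy, "frame-src 'self' https://www.youtube.com ")

def apply_review(policy):
    # The two edits proposed in the review comment.
    policy = header_edit(policy, "frame-src",
                         "frame-src https://www.youtube.com")
    return header_edit(policy, "script-src",
                       "script-src https://www.youtube.com")

def lost_directives(before, after):
    """Directives present in `before` that no longer exist in `after`."""
    return sorted(set(parse_csp(before)) - set(parse_csp(after)))

if __name__ == "__main__":
    print("set  drops:", lost_directives(UPSTREAM, apply_pr(UPSTREAM)))
    print("edit drops:", lost_directives(UPSTREAM, apply_review(UPSTREAM)))
    print("edited    :", apply_review(UPSTREAM))
    # Edge case: no frame-src/script-src upstream, so the edits are no-ops.
    print("no match  :", apply_review("default-src 'self'"))
```

When the incoming policy has no `frame-src` or `script-src` directive the edits match nothing, so the embed would still be governed by `default-src`.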