(skywalking-website) 01/01: Refactor Content-Security-Policy in .htaccess

Sat, 24 Jan 2026 22:18:38 -0800 

This is an automated email from the ASF dual-hosted git repository.

zhangjuntao pushed a commit to branch Jtrust-patch-1
in repository https://gitbox.apache.org/repos/asf/skywalking-website.git

commit 282a61537273e4d476d019cec3e90cb8769b24f7
Author: Zhang Juntao <[email protected]>
AuthorDate: Sun Jan 25 14:18:22 2026 +0800

    Refactor Content-Security-Policy in .htaccess
    
    Updated Content-Security-Policy to simplify directives and enhance security.
---
 .htaccess | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/.htaccess b/.htaccess
index 5785b041966..2626cd4b653 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,13 +1,17 @@
 ErrorDocument 404 /404.html
 
 <IfModule mod_headers.c>
-    Header always set Content-Security-Policy "default-src 'self' https: data: 
'unsafe-inline'; \
-    frame-src 'self' https://www.youtube.com https://player.bilibili.com 
https://hcaptcha.com https://*.hcaptcha.com; \
-    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.algolianet.com 
https://*.algolia.net https://*.algolia.io https://api.github.com 
https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://hcaptcha.com 
https://*.hcaptcha.com; \
+    Header always set Content-Security-Policy "default-src 'self'; \
+    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.algolianet.com 
https://*.algolia.net https://*.algolia.io https://api.github.com 
https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://js.hcaptcha.com 
https://*.hcaptcha.com; \
     connect-src 'self' https://*.algolianet.com https://*.algolia.net 
https://*.algolia.io https://api.github.com 
https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://*.hcaptcha.com; \
-    style-src 'self' 'unsafe-inline' https://hcaptcha.com 
https://*.hcaptcha.com; \
-    img-src 'self' data: https://hcaptcha.com https://*.hcaptcha.com; \
-    frame-ancestors 'self'; \
+    frame-src 'self' https://www.youtube.com https://player.bilibili.com 
https://*.hcaptcha.com; \
+    style-src 'self' 'unsafe-inline' https:; \
+    img-src 'self' data: https:; \
+    font-src 'self' data: https:; \
+    media-src 'self' https:; \
     object-src 'none'; \
+    frame-ancestors 'self'; \
+    base-uri 'self'; \
+    form-action 'self'; \
     upgrade-insecure-requests;"
 </IfModule>

Reply via email to