This is an automated email from the ASF dual-hosted git repository.

zhangjuntao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/skywalking-website.git


The following commit(s) were added to refs/heads/master by this push:
     new 5835726f5a6 Refactor Content-Security-Policy in .htaccess (#811)
5835726f5a6 is described below

commit 5835726f5a605093e46c5e8007468097f1e1587f
Author: Zhang Juntao <[email protected]>
AuthorDate: Sun Jan 25 15:22:32 2026 +0800

    Refactor Content-Security-Policy in .htaccess (#811)
    
    * Refactor Content-Security-Policy in .htaccess
    
    Updated Content-Security-Policy to simplify directives and enhance security.
    
    * update .htaccess
---
 .htaccess | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/.htaccess b/.htaccess
index 5785b041966..6688f2aa0d7 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,13 +1,15 @@
 ErrorDocument 404 /404.html
 
 <IfModule mod_headers.c>
-    Header always set Content-Security-Policy "default-src 'self' https: data: 
'unsafe-inline'; \
-    frame-src 'self' https://www.youtube.com https://player.bilibili.com 
https://hcaptcha.com https://*.hcaptcha.com; \
-    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.algolianet.com 
https://*.algolia.net https://*.algolia.io https://api.github.com 
https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://hcaptcha.com 
https://*.hcaptcha.com; \
+    Header always set Content-Security-Policy "default-src 'self'; \
+    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.algolianet.com 
https://*.algolia.net https://*.algolia.io https://api.github.com 
https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://*.hcaptcha.com; \
     connect-src 'self' https://*.algolianet.com https://*.algolia.net 
https://*.algolia.io https://api.github.com 
https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://*.hcaptcha.com; \
-    style-src 'self' 'unsafe-inline' https://hcaptcha.com 
https://*.hcaptcha.com; \
-    img-src 'self' data: https://hcaptcha.com https://*.hcaptcha.com; \
-    frame-ancestors 'self'; \
+    frame-src 'self' https://www.youtube.com https://player.bilibili.com 
https://*.hcaptcha.com; \
+    style-src 'self' 'unsafe-inline' https:; \
+    img-src 'self' data: https:; \
+    font-src 'self' data: https:; \
+    media-src 'self' https:; \
     object-src 'none'; \
+    frame-ancestors 'self'; \
     upgrade-insecure-requests;"
 </IfModule>
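Review bot: The new script-src and frame-src lines drop `https://hcaptcha.com` and keep only `https://*.hcaptcha.com`. A wildcard host source matches subdomains but not the apex host, and with default-src now reduced to 'self' there is no fallback, so anything loaded or framed from hcaptcha.com itself will be blocked. Either keep the apex entry or confirm the widget only uses subdomains. Separately, script-src still carries 'unsafe-inline' and 'unsafe-eval', so the policy gives little protection against injected script; moving to nonces or hashes would be a worthwhile follow-up. The style-src and img-src lines now allow any `https:` origin, which is broader than the hCaptcha-only lists they replace. Finally, base-uri and form-action do not fall back to default-src, so adding `base-uri 'self'` and `form-action 'self'` would close those gaps.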
