(skywalking-website) 01/01: Update Content-Security-Policy in .htaccess

Sat, 24 Jan 2026 23:32:07 -0800 

This is an automated email from the ASF dual-hosted git repository.

zhangjuntao pushed a commit to branch Jtrust-patch-2
in repository https://gitbox.apache.org/repos/asf/skywalking-website.git

commit c3b8a0e08509033258b8843a5bff04960ba83a4f
Author: Zhang Juntao <[email protected]>
AuthorDate: Sun Jan 25 15:31:34 2026 +0800

    Update Content-Security-Policy in .htaccess
---
 .htaccess | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/.htaccess b/.htaccess
index 6688f2aa0d7..5bb2e7eb462 100644
--- a/.htaccess
+++ b/.htaccess
@@ -2,14 +2,13 @@ ErrorDocument 404 /404.html
 
 <IfModule mod_headers.c>
     Header always set Content-Security-Policy "default-src 'self'; \
-    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.algolianet.com 
https://*.algolia.net https://*.algolia.io https://api.github.com 
https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://*.hcaptcha.com; \
-    connect-src 'self' https://*.algolianet.com https://*.algolia.net 
https://*.algolia.io https://api.github.com 
https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://*.hcaptcha.com; \
-    frame-src 'self' https://www.youtube.com https://player.bilibili.com 
https://*.hcaptcha.com; \
-    style-src 'self' 'unsafe-inline' https:; \
-    img-src 'self' data: https:; \
-    font-src 'self' data: https:; \
-    media-src 'self' https:; \
-    object-src 'none'; \
-    frame-ancestors 'self'; \
-    upgrade-insecure-requests;"
+script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.algolianet.com 
https://*.algolia.net https://*.algolia.io https://api.github.com 
https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://js.hcaptcha.com 
https://*.hcaptcha.com https://*.apache.org https://apache.org 
https://*.scarf.sh https://www.apachecon.com https://www.communityovercode.org; 
\
+connect-src 'self' https://*.algolianet.com https://*.algolia.net 
https://*.algolia.io https://api.github.com 
https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://*.hcaptcha.com 
https://*.apache.org https://apache.org https://*.scarf.sh; \
+frame-src 'self' https://www.youtube.com https://player.bilibili.com 
https://*.hcaptcha.com; \
+style-src 'self' 'unsafe-inline' https:; \
+img-src 'self' data: https:; \
+font-src 'self' data: https:; \
+object-src 'none'; \
+frame-ancestors 'self'; \
+upgrade-insecure-requests;"
 </IfModule>

Reply via email to