From 7dcf5162c709f83140bfb2515df252c178fbecf5 Mon Sep 17 00:00:00 2001 From: Logic Date: Fri, 16 Jan 2026 20:44:55 +0800 Subject: [PATCH] fix: update Content Security Policy in .htaccess to include new domains --- home/static/.htaccess | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/home/static/.htaccess b/home/static/.htaccess index 69317d53e34..56a3dea82b7 100644 --- a/home/static/.htaccess +++ b/home/static/.htaccess @@ -1,2 +1,3 @@ -# CSP permissions for hertzbeat.apache.org - Adding 3rd party service Algolia & Kapa.ai -SetEnv CSP_PROJECT_DOMAINS "https://*.algolia.net/ https://*.algolianet.com/ https://*.algolia.io/ https://widget.kapa.ai https://proxy.kapa.ai https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://metrics.kapa.ai https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com" + + Header set Content-Security-Policy "default-src data: blob: 'self' *.apache.org *.kapa.ai *.githubusercontent.com *.googleapis.com *.google.com *.run.app *.gstatic.com *.github.com https://hcaptcha.com https://*.hcaptcha.com *.algolia.net *.algolianet.com *.apachecon.com *.communityovercode.org 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors 'self' *.google.com; worker-src 'self' data: blob:; img-src 'self' blob: data: https:; font-src 'self' data: blob:; object-src 'none'" +