From d8396b3d9974b5fb0b4bc6e9e559824eb90d26bf Mon Sep 17 00:00:00 2001
From: Evan Rusackas
Date: Tue, 27 Feb 2024 14:32:08 -0700
Subject: [PATCH 1/2] more access!

---
 docs/static/.htaccess | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/static/.htaccess b/docs/static/.htaccess
index 0e3d2d8f7e2ff..aa0c75e328852 100644
--- a/docs/static/.htaccess
+++ b/docs/static/.htaccess
@@ -28,8 +28,8 @@ Header set Content-Security-Policy "default-src 'self'; \
 script-src 'self'; \
 img-src 'self' https://static.scarf.sh *; \
 style-src 'self' https://fonts.googleapis.com; \
-script-src-elem 'self' https://www.googletagmanager.com https://www.google-analytics.com; \
-style-src-elem 'self' https://fonts.googleapis.com; \
+script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com; \
+style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://analytics.apache.org https://www.bugherd.com; \
 font-src 'self' https://fonts.gstatic.com; \
 frame-src 'self' https://calendar.google.com https://preset.io https://sidebar.bugherd.com https://unpkg.com; \
 "

From 15affbebfd3d7c4da5ade7c7c31951bb30a17b12 Mon Sep 17 00:00:00 2001
From: Evan Rusackas
Date: Tue, 27 Feb 2024 15:32:53 -0700
Subject: [PATCH 2/2] fix(docs): more CSP adjustments...

---
 docs/static/.htaccess | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/static/.htaccess b/docs/static/.htaccess
index aa0c75e328852..5453e5eb80053 100644
--- a/docs/static/.htaccess
+++ b/docs/static/.htaccess
@@ -22,7 +22,7 @@ RewriteRule ^(.*)$ https://superset.apache.org/$1 [R,L]
 RewriteCond %{HTTP_HOST} ^superset.incubator.apache.org$ [NC]
 RewriteRule ^(.*)$ https://superset.apache.org/$1 [R=301,L]
-Header set Content-Security-Policy "default-src 'self'; img-src *;"
+# Header set Content-Security-Policy "default-src 'self'; img-src *;"
 Header set Content-Security-Policy "default-src 'self'; \
 script-src 'self'; \
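Review bot: Adding `'unsafe-inline'` to `script-src-elem` lets any inline `<script>` element run, which removes most of the XSS protection this policy gives the docs site. If the inline scripts are fixed at build time, list their hashes instead, e.g. `script-src-elem 'self' 'sha256-<HASH_PLACEHOLDER>' https://www.googletagmanager.com https://www.google-analytics.com; \` (placeholder value, to be computed from the real script bodies). The two hosts added to `style-src-elem` look like script or beacon origins rather than stylesheet origins, so it is worth confirming from the browser's CSP violation messages which directive actually blocked them. The `Header set` directive these lines belong to starts above the hunk.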
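Review bot: The superseded single-line policy in the `-22,7` hunk is kept as a commented-out `Header set` directly above the multi-line one, which leaves two policies for a reader to reconcile. `Header set` replaces an earlier value of the same header, so the multi-line directive was presumably already the effective one and this change is cosmetic. Deleting the line is cleaner; if it stays, give it a reason such as `# superseded by the multi-line policy below`.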
@@ -30,6 +30,7 @@ img-src 'self' https://static.scarf.sh *; \
 style-src 'self' https://fonts.googleapis.com; \
 script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com; \
 style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://analytics.apache.org https://www.bugherd.com; \
+frame-ancestors 'self' https://preset.io; \
 font-src 'self' https://fonts.gstatic.com; \
 frame-src 'self' https://calendar.google.com https://preset.io https://sidebar.bugherd.com https://unpkg.com; \
 "
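Review bot: `frame-ancestors` does not fall back to `default-src`, so the added line is the only framing control in this policy, and the commit does not record why `https://preset.io` is allowed to embed the docs. A host source without a wildcard matches only that exact host, so pages served from a subdomain would be refused; confirm which origin actually does the embedding. A comment cannot go inside the continued quoted string, so put one above the `Header set` line (which starts outside this hunk), e.g. `# frame-ancestors: only this site and https://preset.io may frame these pages`.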