fix(docs): removing meta tag CSP, poking more holes in htaccess (apac…

…he#27274)
vinothkumar66 · Feb 27, 2024 · 859fa13 · 859fa13
1 parent 4f7f19f
commit 859fa13
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js
@@ -261,7 +261,6 @@ const config = {
         theme: lightCodeTheme,
         darkTheme: darkCodeTheme,
       },
-      metadata: [{name: 'Content-Security-Policy', content: "default-src 'self'; frame-src 'https://calendar.google.com/' 'https://preset.io/' 'https://sidebar.bugherd.com/';"}],
     }),
   scripts: [
     '/script/matomo.js',

diff --git a/docs/static/.htaccess b/docs/static/.htaccess
@@ -22,4 +22,14 @@ RewriteRule ^(.*)$ https://superset.apache.org/$1 [R,L]
 RewriteCond %{HTTP_HOST} ^superset.incubator.apache.org$ [NC]
 RewriteRule ^(.*)$ https://superset.apache.org/$1 [R=301,L]
 
-Header set Content-Security-Policy "default-src 'self'; frame-src 'https://calendar.google.com/' 'https://preset.io/' 'https://sidebar.bugherd.com/' 'https://unpkg.com/';"
+Header set Content-Security-Policy "default-src 'self'; img-src *;"
+
+Header set Content-Security-Policy "default-src 'self'; \
+script-src 'self'; \
+img-src 'self' https://static.scarf.sh *; \
+style-src 'self' https://fonts.googleapis.com; \
+script-src-elem 'self' https://www.googletagmanager.com https://www.google-analytics.com; \
+style-src-elem 'self' https://fonts.googleapis.com; \
+font-src 'self' https://fonts.gstatic.com; \
+frame-src 'self' https://calendar.google.com https://preset.io https://sidebar.bugherd.com https://unpkg.com; \
+"