This is an automated email from the ASF dual-hosted git repository.
ntimofeev pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cayenne-website.git
The following commit(s) were added to refs/heads/master by this push:
new 9db6db95c Add CSP header to allow content from youtube
9db6db95c is described below
commit 9db6db95cdff1c73faf10243b17ad53e51895992
Author: Nikita Timofeev <[email protected]>
AuthorDate: Wed Apr 10 14:05:00 2024 +0400
Add CSP header to allow content from youtube
---
src/main/site/layouts/partials/head.html | 2 --
src/main/site/static/.htaccess | 2 ++
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main/site/layouts/partials/head.html
b/src/main/site/layouts/partials/head.html
index 484a70088..ed5432218 100644
--- a/src/main/site/layouts/partials/head.html
+++ b/src/main/site/layouts/partials/head.html
@@ -13,8 +13,6 @@
<meta name="msapplication-TileImage"
content="/img/favicon/mstile-144x144.png">
<meta name="msapplication-config"
content="/img/favicon/browserconfig.xml">
<meta name="theme-color" content="#ffffff">
- <meta http-equiv="Content-Security-Policy"
- content="default-src 'self'; child-src 'none'; frame-src
youtube.com https://www.youtube.com;";>
<link rel="stylesheet" href="{{ "css/styles.css" | absURL }}"/>
<script src="{{ "js/bundle.js" | absURL }}"></script>
<script
src="https://www.apachecon.com/event-images/snippet.js";></script>
diff --git a/src/main/site/static/.htaccess b/src/main/site/static/.htaccess
index 67f9833b3..11191e4e4 100644
--- a/src/main/site/static/.htaccess
+++ b/src/main/site/static/.htaccess
@@ -86,6 +86,8 @@ RedirectMatch 404 /\.git
Header set Cache-Control "max-age=2628000, public"
</filesMatch>
+Header set Content-Security-Policy "default-src 'self'; img-src https://*;
child-src 'none'; frame-src youtube.com https://www.youtube.com;";
+
# Enable gzip compression
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html
