(doris-website) branch master updated: [fix] allow analytics.apache.org in CSP so Matomo loads (#3652)

Fri, 15 May 2026 09:40:54 -0700 

This is an automated email from the ASF dual-hosted git repository.

morningman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris-website.git


The following commit(s) were added to refs/heads/master by this push:
     new 47613d1cf1b [fix] allow analytics.apache.org in CSP so Matomo loads 
(#3652)
47613d1cf1b is described below

commit 47613d1cf1bf2d26af27a8b0140b4083eea48566
Author: Mingyu Chen (Rayner) <[email protected]>
AuthorDate: Fri May 15 09:40:39 2026 -0700

    [fix] allow analytics.apache.org in CSP so Matomo loads (#3652)
    
    CSP was introduced in #3139 (2025-12-02) without analytics.apache.org
    in script-src/connect-src, which silently blocked matomo.js and all
    trackPageView requests. Result: ~5 months of severely undercounted
    pageviews on the Apache Matomo dashboard. Add the host to both
    directives.
---
 static/.htaccess | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/static/.htaccess b/static/.htaccess
index 6ab39df5dbd..0fbaaa32adb 100644
--- a/static/.htaccess
+++ b/static/.htaccess
@@ -1,5 +1,5 @@
 <IfModule mod_headers.c>
-    Header set Content-Security-Policy "script-src 'self' 
https://cdnd.selectdb.com widget.kapa.ai www.google.com https://hcaptcha.com 
https://*.hcaptcha.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; 
connect-src 'self' proxy.kapa.ai kapa-widget-proxy-la7dkmplpq-uc.a.run.app 
metrics.kapa.ai https://hcaptcha.com https://*.hcaptcha.com www.google.com; 
frame-src 'self' www.google.com https://hcaptcha.com https://*.hcaptcha.com; 
worker-src 'self' https://cdnd.selectdb.com blob:;  [...]
+    Header set Content-Security-Policy "script-src 'self' 
https://cdnd.selectdb.com https://analytics.apache.org widget.kapa.ai 
www.google.com https://hcaptcha.com https://*.hcaptcha.com 
https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' 
https://analytics.apache.org proxy.kapa.ai 
kapa-widget-proxy-la7dkmplpq-uc.a.run.app metrics.kapa.ai https://hcaptcha.com 
https://*.hcaptcha.com www.google.com; frame-src 'self' www.google.com 
https://hcaptcha.com https://*.hcaptch [...]
 </IfModule>
 
 # Legacy /docs/dev/* paths whose 1:1 target was retired (renamed slugs, removed


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to