[jira] [Comment Edited] (ATLAS-5039) Page for TeamList doesn't render Atlas team members in atlas.apache.org

Thu, 05 Jun 2025 23:56:05 -0700 


    [ 
https://issues.apache.org/jira/browse/ATLAS-5039?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17956509#comment-17956509
 ] 

Abhishek Kumar edited comment on ATLAS-5039 at 6/6/25 6:55 AM:
---------------------------------------------------------------

It appears that the Content-Security-Policy of the server atlas.apache.org 
needs to be change to include 
[https://raw.githubusercontent.com/apache/atlas/master/pom.xml|https://raw.githubusercontent.com/apache/atlas/master/pom.xml]

This error is seen in the console:

Refused to connect to 
'https://raw.githubusercontent.com/apache/atlas/master/pom.xml' because it 
violates the following Content Security Policy directive: "default-src 'self' 
data: blob: 'unsafe-inline' 'unsafe-eval' [https://www.apachecon.com/] 
[https://www.communityovercode.org/] 
[https://*.apache.org/|https://%2A.apache.org/] [https://apache.org/] 
[https://*.scarf.sh/|https://%2A.scarf.sh/]";. Note that 'connect-src' was not 
explicitly set, so 'default-src' is used as a fallback.

Current CSP:
content-security-policy
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' 
[https://www.apachecon.com/] [https://www.communityovercode.org/] 
[https://*.apache.org/|https://%2A.apache.org/] [https://apache.org/] 
[https://*.scarf.sh/|https://%2A.scarf.sh/] ; script-src 'self' data: blob: 
'unsafe-inline' 'unsafe-eval' [https://www.apachecon.com/] 
[https://www.communityovercode.org/] 
[https://*.apache.org/|https://%2A.apache.org/] [https://apache.org/] 
[https://*.scarf.sh/|https://%2A.scarf.sh/] ; style-src 'self' data: blob: 
'unsafe-inline' 'unsafe-eval' [https://www.apachecon.com/] 
[https://www.communityovercode.org/] 
[https://*.apache.org/|https://%2A.apache.org/] [https://apache.org/] 
[https://*.scarf.sh/|https://%2A.scarf.sh/] ; frame-ancestors 'self'; frame-src 
'self' data: blob: 'unsafe-inline' 'unsafe-eval' [https://www.apachecon.com/] 
[https://www.communityovercode.org/] 
[https://*.apache.org/|https://%2A.apache.org/] [https://apache.org/] 
[https://*.scarf.sh/|https://%2A.scarf.sh/] ; worker-src 'self' data: blob:;


was (Author: abhi_2110):
It appears that the Content-Security-Policy of the server atlas.apache.org 
needs to be change to include 
[https://raw.githubusercontent.com/apache/atlas/master/pom.xml|https://raw.githubusercontent.com/apache/atlas/master/pom.xml']

This error is seen in the console:

Refused to connect to 
'https://raw.githubusercontent.com/apache/atlas/master/pom.xml' because it 
violates the following Content Security Policy directive: "default-src 'self' 
data: blob: 'unsafe-inline' 'unsafe-eval' [https://www.apachecon.com/] 
[https://www.communityovercode.org/] 
[https://*.apache.org/|https://%2A.apache.org/] [https://apache.org/] 
[https://*.scarf.sh/|https://%2A.scarf.sh/]";. Note that 'connect-src' was not 
explicitly set, so 'default-src' is used as a fallback.

Current CSP:
content-security-policy
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' 
[https://www.apachecon.com/] [https://www.communityovercode.org/] 
[https://*.apache.org/|https://%2A.apache.org/] [https://apache.org/] 
[https://*.scarf.sh/|https://%2A.scarf.sh/] ; script-src 'self' data: blob: 
'unsafe-inline' 'unsafe-eval' [https://www.apachecon.com/] 
[https://www.communityovercode.org/] 
[https://*.apache.org/|https://%2A.apache.org/] [https://apache.org/] 
[https://*.scarf.sh/|https://%2A.scarf.sh/] ; style-src 'self' data: blob: 
'unsafe-inline' 'unsafe-eval' [https://www.apachecon.com/] 
[https://www.communityovercode.org/] 
[https://*.apache.org/|https://%2A.apache.org/] [https://apache.org/] 
[https://*.scarf.sh/|https://%2A.scarf.sh/] ; frame-ancestors 'self'; frame-src 
'self' data: blob: 'unsafe-inline' 'unsafe-eval' [https://www.apachecon.com/] 
[https://www.communityovercode.org/] 
[https://*.apache.org/|https://%2A.apache.org/] [https://apache.org/] 
[https://*.scarf.sh/|https://%2A.scarf.sh/] ; worker-src 'self' data: blob:;

> Page for TeamList doesn't render Atlas team members in atlas.apache.org  
> -------------------------------------------------------------------------
>
>                 Key: ATLAS-5039
>                 URL: https://issues.apache.org/jira/browse/ATLAS-5039
>             Project: Atlas
>          Issue Type: Bug
>          Components: atlas-webui
>            Reporter: Abhishek Kumar
>            Priority: Major
>         Attachments: atlas-apache-org-sidebar.png, 
> atlas-apache-org-teamlist.png
>
>
> When navigating to [https://atlas.apache.org/#/TeamList] to view the team 
> members, the page does not seem to load the contents as seen in the 
> screenshots attached.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to