[
https://issues.apache.org/jira/browse/HBASE-29379?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dávid Paksy resolved HBASE-29379.
---------------------------------
Resolution: Not A Problem
> Photo images are blocked by CSP on Team website page
> ----------------------------------------------------
>
> Key: HBASE-29379
> URL: https://issues.apache.org/jira/browse/HBASE-29379
> Project: HBase
> Issue Type: Bug
> Components: website
> Reporter: Dávid Paksy
> Assignee: Dávid Paksy
> Priority: Major
> Attachments: image-2025-06-06-09-03-12-039.png,
> image-2025-06-06-09-04-00-402.png
>
>
> It seems that the recently enabled Content Security Policy (CSP) now blocks
> photo images of team members on the project team page:
> [https://hbase.apache.org/team.html]
> Also there is an error logged to browser dev tool console about this:
> {noformat}
> Refused to load the image
> 'https://www.gravatar.com/avatar/de20895d3fbc56885e0c6679e428113d?d=mm&s=60'
> because it violates the following Content Security Policy directive:
> "default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval'
> https://www.apachecon.com/ https://www.communityovercode.org/
> https://*.apache.org/ https://apache.org/ https://*.scarf.sh/";. Note that
> 'img-src' was not explicitly set, so 'default-src' is used as a
> fallback.{noformat}
> Before:
> !image-2025-06-06-09-03-12-039.png!
>
> Now
> !image-2025-06-06-09-04-00-402.png!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
