This is an automated email from the ASF dual-hosted git repository.
duansg pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hertzbeat.git
The following commit(s) were added to refs/heads/master by this push:
new 43332f49db [fix]: update Content Security Policy in .htaccess to
include new domains (#3979)
43332f49db is described below
commit 43332f49db7799a1890ddfb595be9221659b9046
Author: Logic <[email protected]>
AuthorDate: Fri Jan 16 20:53:11 2026 +0800
[fix]: update Content Security Policy in .htaccess to include new domains
(#3979)
---
home/static/.htaccess | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/home/static/.htaccess b/home/static/.htaccess
index 69317d53e3..56a3dea82b 100644
--- a/home/static/.htaccess
+++ b/home/static/.htaccess
@@ -1,2 +1,3 @@
-# CSP permissions for hertzbeat.apache.org - Adding 3rd party service Algolia
& Kapa.ai
-SetEnv CSP_PROJECT_DOMAINS "https://*.algolia.net/ https://*.algolianet.com/
https://*.algolia.io/ https://widget.kapa.ai https://proxy.kapa.ai
https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://metrics.kapa.ai
https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com";
+<IfModule mod_headers.c>
+ Header set Content-Security-Policy "default-src data: blob: 'self'
*.apache.org *.kapa.ai *.githubusercontent.com *.googleapis.com *.google.com
*.run.app *.gstatic.com *.github.com https://hcaptcha.com
https://*.hcaptcha.com *.algolia.net *.algolianet.com *.apachecon.com
*.communityovercode.org 'unsafe-inline' 'unsafe-eval'; frame-src *;
frame-ancestors 'self' *.google.com; worker-src 'self' data: blob:; img-src
'self' blob: data: https:; font-src 'self' data: blob:; object-src 'none'"
+</IfModule>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
