This is an automated email from the ASF dual-hosted git repository.
xiangfu pushed a commit to branch new-site-dev
in repository https://gitbox.apache.org/repos/asf/pinot-site.git
The following commit(s) were added to refs/heads/new-site-dev by this push:
new bf2a9705 Add Vercel headers for CSP
bf2a9705 is described below
commit bf2a970576959512c964ad15e980a81b93cb3e98
Author: Xiang Fu <[email protected]>
AuthorDate: Fri Jan 2 07:42:22 2026 -0800
Add Vercel headers for CSP
---
next.config.js | 1 +
vercel.json | 37 +++++++++++++++++++++++++++++++++++++
2 files changed, 38 insertions(+)
diff --git a/next.config.js b/next.config.js
index ee2965a6..5842f245 100644
--- a/next.config.js
+++ b/next.config.js
@@ -76,6 +76,7 @@ module.exports = () => {
}
]
},
+ // Headers are set via vercel.json for static export deployments.
// async headers() {
// return [
// {
diff --git a/vercel.json b/vercel.json
new file mode 100644
index 00000000..993f944f
--- /dev/null
+++ b/vercel.json
@@ -0,0 +1,37 @@
+{
+ "headers": [
+ {
+ "source": "/(.*)",
+ "headers": [
+ {
+ "key": "Content-Security-Policy",
+ "value": "default-src 'self'; script-src 'self'
'unsafe-eval' 'unsafe-inline' giscus.app analytics.umami.is
analytics.apache.org www.youtube.com; style-src 'self' 'unsafe-inline'; img-src
* blob: data:; media-src *.s3.amazonaws.com; connect-src *; font-src 'self';
frame-src www.youtube.com youtube.com giscus.app youtu.be;"
+ },
+ {
+ "key": "Referrer-Policy",
+ "value": "strict-origin-when-cross-origin"
+ },
+ {
+ "key": "X-Frame-Options",
+ "value": "DENY"
+ },
+ {
+ "key": "X-Content-Type-Options",
+ "value": "nosniff"
+ },
+ {
+ "key": "X-DNS-Prefetch-Control",
+ "value": "on"
+ },
+ {
+ "key": "Strict-Transport-Security",
+ "value": "max-age=31536000; includeSubDomains"
+ },
+ {
+ "key": "Permissions-Policy",
+ "value": "camera=(), microphone=(), geolocation=()"
+ }
+ ]
+ }
+ ]
+}
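Review bot: The `script-src` in the Content-Security-Policy value allows both `'unsafe-inline'` and `'unsafe-eval'`, so the policy does little to contain injected script. `connect-src *` and `img-src *` also leave every host reachable for outbound requests from the page. `base-uri` and `form-action` do not fall back to `default-src`, so they are currently unrestricted; I would append `object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'` to the value, the last being the CSP counterpart of the `X-Frame-Options: DENY` header already set here. `connect-src` could presumably be narrowed to `'self'` plus the comment and analytics hosts already listed in `script-src`, but that needs checking against what the site actually calls. If the static export's inline scripts are stable between builds, listing their hashes in `script-src` would let `'unsafe-inline'` be dropped; a trial under `Content-Security-Policy-Report-Only` would show what breaks before enforcing.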