thisisnic opened a new issue, #45720: URL: https://github.com/apache/arrow/issues/45720
### Describe the bug, including details regarding any error messages, version, and platform. Last week we merged a PR to add an "ask AI" widget to the docs, but when looking at the dev docs site, it isn't loading correctly. It appears to be permissions-related. In the R docs, developer tools show: ``` Content-Security-Policy: The page’s settings blocked a script (script-src-elem) at https://widget.kapa.ai/kapa-widget.bundle.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.apache.org/ https://www.apachecon.com/” [index.html](https://arrow.apache.org/docs/dev/r/index.html) Content-Security-Policy: The page’s settings blocked the loading of a resource (img-src) at https://www.r-pkg.org/badges/version-last-release/arrow because it violates the following directive: “img-src 'self' data: https://*.apache.org/ https://www.apachecon.com/” [index.html](https://arrow.apache.org/docs/dev/r/index.html) Content-Security-Policy: The page’s settings blocked the loading of a resource (img-src) at https://github.com/apache/arrow/workflows/R/badge.svg?event=push because it violates the following directive: “img-src 'self' data: https://*.apache.org/ https://www.apachecon.com/” [index.html](https://arrow.apache.org/docs/dev/r/index.html) Content-Security-Policy: The page’s settings blocked the loading of a resource (img-src) at https://apache.r-universe.dev/badges/arrow because it violates the following directive: “img-src 'self' data: https://*.apache.org/ https://www.apachecon.com/” [index.html](https://arrow.apache.org/docs/dev/r/index.html) Content-Security-Policy: The page’s settings blocked the loading of a resource (img-src) at https://img.shields.io/conda/vn/conda-forge/r-arrow.svg because it violates the following directive: “img-src 'self' data: https://*.apache.org/ https://www.apachecon.com/” ``` On the main docs: ``` Content-Security-Policy: The page’s settings blocked a script (script-src-elem) at https://widget.kapa.ai/kapa-widget.bundle.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.apache.org/ https://www.apachecon.com/” ``` In the [privacy docs it says that we should have user consent before loading](https://privacy.apache.org/faq/committers.html#can-i-use-web-analytics-matomo), but I did activate this. It works fine on the PR preview: http://crossbow.voltrondata.com/pr_docs/45667 Will investigate further later unless anyone else has any ideas! ### Component(s) Documentation -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@arrow.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
