[
https://issues.apache.org/jira/browse/KAFKA-19835?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18032998#comment-18032998
]
ASF GitHub Bot commented on KAFKA-19835:
----------------------------------------
sebbASF commented on PR #733:
URL: https://github.com/apache/kafka-site/pull/733#issuecomment-3448151327
Your explanation covers why the override is needed.
However it does not cover why the override is allowed.
According to https://infra.apache.org/tools/csp.html
"Each additional host you add MUST have been pre-approved by VP Data Privacy
([[email protected]](mailto:[email protected])), and SHOULD have an
accompanying comment in the .htaccess file explaining why the CSP is changed
and where permission was obtained."
> The Content-Security-Policy header must not be overridden
> ---------------------------------------------------------
>
> Key: KAFKA-19835
> URL: https://issues.apache.org/jira/browse/KAFKA-19835
> Project: Kafka
> Issue Type: Bug
> Reporter: Sebb
> Assignee: Kuan Po Tseng
> Priority: Major
>
> [https://github.com/apache/kafka-site/blob/905299a0b7e2e3892d9493c7dcaaf78dce035c00/.htaccess#L13]
> The Content-Security-Policy header must not be overridden.
> There is now a standard way to add local exceptions to the CSP:
> [https://infra.apache.org/tools/csp.html]
> Please update the .htaccess file accordingly.
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
