Senrian opened a new pull request, #815: URL: https://github.com/apache/skywalking-website/pull/815
## What Fixes https://github.com/apache/skywalking/issues/13554 ## Why The `.htaccess` file was directly setting the `Content-Security-Policy` header via `Header set Content-Security-Policy`, which overrides the Apache infrastructure default CSP. Per [Apache Infra's standard CSP handling](https://infra.apache.org/tools/csp.html), projects must use `SetEnv CSP_PROJECT_DOMAINS` to add project-specific domains to the default CSP base policy, rather than replacing the header entirely. ## How - Removed: `Header set Content-Security-Policy "frame-src 'self' https://www.google.com https://app.netlify.com"` - Added: `SetEnv CSP_PROJECT_DOMAINS "https://www.google.com https://app.netlify.com"` This allows Apache Infra's default CSP to remain intact while adding the necessary domains for Netlify and Google (used for site functionality). ## Testing - The changed file is valid `.htaccess` syntax - The domains listed match exactly those previously allowed by the overridden CSP header -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
