You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add the kapa.ai domain to the content security policy so that the AI bot we are trying out can load. Following the approach shown on apache/dubbo-website#2925 but being more restrictive on URLs.
What changes are included in this PR?
Updates to sphinx and pkgdown docs to fix this
Are these changes tested?
Nope - this wasn't an issue on the docs built in crossbow when I tested it on the PR, so I was thinking I just check it's working on the dev docs once they're built
Hmm, looking at the original error, I'm now wondering if I need to add the others back in to prevent blocking access to others?
Content-Security-Policy: The page’s settings blocked a script (script-src-elem) at https://widget.kapa.ai/kapa-widget.bundle.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.apache.org/ https://www.apachecon.com/”
I think this is wrong actually - I may need to open a ticket with infra...
AIUI, the only way to modify the CSP is to ask privacy@apache.org. See https://infra.apache.org/csp.html for details. I banged my head on the wall for several days trying to get the GitHub star count badge to work by modifying the CSP here using meta tags and then using .htaccess, but the ASF has the Apache web server configured to prevent those approaches from working. Ultimately I decided to just remove the star count from the badge. You can see PRs 595 through 603 in the arrow-site repo where I experimented with this with no success :)
I'm hopeful - it's one of the few things expressly allowed as kapa.ai has signed a DPA with the ASF, so it feels like it's just the technical details to resolve here 🤞
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
github-actions
bot
added
Component: R
Component: Documentation
awaiting committer review
Rationale for this change
Add the kapa.ai domain to the content security policy so that the AI bot we are trying out can load. Following the approach shown on apache/dubbo-website#2925 but being more restrictive on URLs.
What changes are included in this PR?
Updates to sphinx and pkgdown docs to fix this
Are these changes tested?
Nope - this wasn't an issue on the docs built in crossbow when I tested it on the PR, so I was thinking I just check it's working on the dev docs once they're built
Are there any user-facing changes?
Nope