Commit 845283c
fix: use SetEnv CSP_PROJECT_DOMAINS instead of overriding CSP header (#815)
Follow Apache Infra standard CSP handling per https://infra.apache.org/tools/csp.html
The Content-Security-Policy header must not be overridden directly.
Instead, use SetEnv CSP_PROJECT_DOMAINS to add project-specific domains
to the default Apache CSP base policy.
Co-authored-by: Zhang Juntao <zhangjuntao@apache.org>1 parent 676041e commit 845283c
1 file changed
Lines changed: 2 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | | - | |
4 | | - | |
5 | | - | |
| 3 | + | |
| 4 | + | |
0 commit comments