|
Header set Content-Security-Policy "frame-src *" |
The Content-Security-Policy header must not be overridden.
There is now a standard way to add local exceptions to the CSP:
https://infra.apache.org/tools/csp.html
You need to get approval before adding any domains. Also please document such approval in the .htaccess file.
The following are already included in the default:
https://www.apachecon.com/
https://www.communityovercode.org/
https://*.apache.org/
https://apache.org/
https://*.scarf.sh/
dubbo-website/.htaccess
Line 10 in 78c1b68
The Content-Security-Policy header must not be overridden.
There is now a standard way to add local exceptions to the CSP:
https://infra.apache.org/tools/csp.html
You need to get approval before adding any domains. Also please document such approval in the .htaccess file.
The following are already included in the default: