
Commit c72970d

Fix CSP issues (#36902)
* Fix CSP issues * Add css folder to rat exclusion list.
1 parent 4366622 commit c72970d

8 files changed

+70
-9
lines changed


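--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -75,6 +75,7 @@ tasks.rat {
 "**/Gemfile.lock",
 "**/Rakefile",
 "**/.htaccess",
+"website/www/site/assets/css/**/*",
 "website/www/site/assets/scss/_bootstrap.scss",
 "website/www/site/assets/scss/bootstrap/**/*",
 "website/www/site/assets/js/**/*",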
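Review bot: The new exclusion `"website/www/site/assets/css/**/*"` exempts the entire css directory from the license-header audit, not just the vendored fontawesome, swiper and roboto files this commit adds, so any first-party stylesheet later placed under assets/css would silently skip the check. Narrowing it to the vendored subtrees keeps the audit meaningful, e.g. `"website/www/site/assets/css/fontawesome/**/*"`, `"website/www/site/assets/css/swiper@8/**/*"` and a matching entry for the roboto directory that head.html references as css/roboto/. The existing `assets/js/**/*` entry has the same breadth, so this may be a deliberate convention; if so, a short comment saying the directory is reserved for vendored third-party assets would make that explicit. The enclosing tasks.rat block starts and ends outside the hunk.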

website/www/site/assets/css/fontawesome/release-v5.4.1.css

Lines changed: 5 additions & 0 deletions
Lines changed: 35 additions & 0 deletions
@@ -0,0 +1,35 @@
1+
@font-face {
2+
font-family: 'Roboto';
3+
font-style: normal;
4+
font-weight: 100;
5+
font-stretch: normal;
6+
src: url(https://fonts.gstatic.com/s/roboto/v50/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbFmUiA8.ttf) format('truetype');
7+
}
8+
@font-face {
9+
font-family: 'Roboto';
10+
font-style: normal;
11+
font-weight: 300;
12+
font-stretch: normal;
13+
src: url(https://fonts.gstatic.com/s/roboto/v50/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWuaabVmUiA8.ttf) format('truetype');
14+
}
15+
@font-face {
16+
font-family: 'Roboto';
17+
font-style: normal;
18+
font-weight: 400;
19+
font-stretch: normal;
20+
src: url(https://fonts.gstatic.com/s/roboto/v50/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiA8.ttf) format('truetype');
21+
}
22+
@font-face {
23+
font-family: 'Roboto';
24+
font-style: normal;
25+
font-weight: 500;
26+
font-stretch: normal;
27+
src: url(https://fonts.gstatic.com/s/roboto/v50/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bVmUiA8.ttf) format('truetype');
28+
}
29+
@font-face {
30+
font-family: 'Roboto';
31+
font-style: normal;
32+
font-weight: 700;
33+
font-stretch: normal;
34+
src: url(https://fonts.gstatic.com/s/roboto/v50/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWuYjalmUiA8.ttf) format('truetype');
35+
}

website/www/site/assets/css/swiper@8/swiper-bundle.min.css

Lines changed: 13 additions & 0 deletions

website/www/site/assets/js/jquery/jquery-2.2.4.min.js

Lines changed: 4 additions & 0 deletions

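--- a/website/www/site/layouts/partials/head.html
+++ b/website/www/site/layouts/partials/head.html
@@ -17,7 +17,7 @@
 <title>{{ if .Title }}{{ .Title }}{{ else }}{{ .Site.Title }}{{ end }}</title>
 <meta name="description" content="{{ .Description | default $.Site.Params.description }}">
 
-<link href="https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700" rel="stylesheet">
+<link href="css/roboto/roboto.css" rel="stylesheet">
 
 {{ $scssMain := "scss/main.scss"}}
 {{ if .Site.IsServer }}
@@ -29,7 +29,7 @@
 <link href="{{ $css.RelPermalink }}" rel="stylesheet" integrity="{{ $css.Data.integrity }}">
 {{ end }}
 
-<script src="https://code.jquery.com/jquery-2.2.4.min.js"></script>
+<script src="js/jquery/jquery-2.2.4.min.js"></script>
 
 <style>
 .body__contained img { max-width: 100% }
@@ -69,8 +69,8 @@
 <link rel="alternate" type="application/rss+xml" title="{{ .Site.Title }}" href="/feed.xml">
 <link rel="canonical" href="{{ .Site.Params.hostName }}{{ .Permalink | absURL }}" data-proofer-ignore>
 <link rel="shortcut icon" type="image/x-icon" href="/images/favicon.ico">
-<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.4.1/css/all.css" integrity="sha384-5sAR7xN1Nv6T6+dT2mhtzEpVJvfS3NScPQTrOxhwjIuvcA67KV2R5Jz6kr4abQsz" crossorigin="anonymous">
-<link rel="stylesheet" href="https://unpkg.com/swiper@8/swiper-bundle.min.css"/>
+<link rel="stylesheet" href="css/fontawesome/release-v5.4.1.css" integrity="sha384-5sAR7xN1Nv6T6+dT2mhtzEpVJvfS3NScPQTrOxhwjIuvcA67KV2R5Jz6kr4abQsz" crossorigin="anonymous">
+<link rel="stylesheet" href="css/swiper@8/swiper-bundle.min.css"/>
 <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
 
 <!-- Hotjar Tracking Code for https://beam.apache.org/ -->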
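Review bot: The new hrefs on lines 20, 32, 72 and 73 (`css/roboto/roboto.css`, `js/jquery/jquery-2.2.4.min.js`, `css/fontawesome/release-v5.4.1.css`, `css/swiper@8/swiper-bundle.min.css`) are document-relative, so they resolve against the URL of whichever page is being rendered and on any page below the site root they point at a nested path that does not exist, unless a `<base>` element earlier in this partial (outside the hunk) sets the base URL; a root-relative or Hugo-resolved form such as `<link href="{{ "css/roboto/roboto.css" | relURL }}" rel="stylesheet">` avoids this, and the same four lines in head_homepage.html have the same problem. Line 72 also keeps the `integrity="sha384-5sAR7…"` digest that was computed for the remote use.fontawesome.com all.css; it is only valid if the vendored release-v5.4.1.css is byte-identical to that file, and if it was reformatted or given a license header the browser will refuse to apply the stylesheet, so recompute the digest against the local file (`openssl dgst -sha384 -binary release-v5.4.1.css | openssl base64 -A`) or drop `integrity`/`crossorigin` for the same-origin copy. Note that the copied files live under website/www/site/assets/ rather than static/, which Hugo publishes only through a pipeline or mount, so confirm the build actually emits them at these paths before relying on them.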

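--- a/website/www/site/layouts/partials/head_homepage.html
+++ b/website/www/site/layouts/partials/head_homepage.html
@@ -17,7 +17,7 @@
 <title>{{ if .Title }}{{ .Title }}{{ else }}{{ .Site.Title }}{{ end }}</title>
 <meta name="description" content="{{ .Description | default $.Site.Params.description }}">
 
-<link href="https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700" rel="stylesheet">
+<link href="css/roboto/roboto.css" rel="stylesheet">
 
 {{ $scssMain := "scss/main.scss"}}
 {{ if .Site.IsServer }}
@@ -29,7 +29,7 @@
 <link href="{{ $css.RelPermalink }}" rel="stylesheet" integrity="{{ $css.Data.integrity }}">
 {{ end }}
 
-<script src="https://code.jquery.com/jquery-2.2.4.min.js"></script>
+<script src="js/jquery/jquery-2.2.4.min.js"></script>
 
 <style>
 .body__contained img { max-width: 100% }
@@ -60,8 +60,8 @@
 <link rel="alternate" type="application/rss+xml" title="{{ .Site.Title }}" href="/feed.xml">
 <link rel="canonical" href="{{ .Site.Params.hostName }}{{ .Permalink | absURL }}" data-proofer-ignore>
 <link rel="shortcut icon" type="image/x-icon" href="/images/favicon.ico">
-<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.4.1/css/all.css" integrity="sha384-5sAR7xN1Nv6T6+dT2mhtzEpVJvfS3NScPQTrOxhwjIuvcA67KV2R5Jz6kr4abQsz" crossorigin="anonymous">
-<link rel="stylesheet" href="https://unpkg.com/swiper@8/swiper-bundle.min.css"/>
+<link rel="stylesheet" href="css/fontawesome/release-v5.4.1.css" integrity="sha384-5sAR7xN1Nv6T6+dT2mhtzEpVJvfS3NScPQTrOxhwjIuvcA67KV2R5Jz6kr4abQsz" crossorigin="anonymous">
+<link rel="stylesheet" href="css/swiper@8/swiper-bundle.min.css"/>
 <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
 
 <!-- Hotjar Tracking Code for https://beam.apache.org/ -->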

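--- a/website/www/site/static/.htaccess
+++ b/website/www/site/static/.htaccess
@@ -27,4 +27,7 @@ RedirectMatch "/contribute/release-guide" "https://github.com/apache/beam/blob/m
 
 RedirectMatch "/contribute/committer-guide" "https://github.com/apache/beam/blob/master/contributor-docs/committer-guide.md"
 
-Header set Content-Security-Policy "frame-src 'self' https://play.beam.apache.org/ https://www.youtube.com/ https://drive.google.com/ ;"
+# Allow embedding content from play.beam.apache.org, youtube.com, drive.google.com, platform.twitter.com,
+# static.hotjar.com, cse.google.com, www.google.com/cse, clients1.google.com and fonts.gstatic.com.
+# This is the standard way to add local exceptions to the CSP, see https://infra.apache.org/tools/csp.html
+SetEnv CSP_PROJECT_DOMAINS "https://play.beam.apache.org/ https://www.youtube.com/ https://drive.google.com/ https://platform.twitter.com/ https://static.hotjar.com/ https://cse.google.com/ http://cse.google.com/ https://www.google.com/cse/ https://fonts.gstatic.com/"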
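Review bot: The comment on line 31 lists clients1.google.com among the allowed origins, but the `CSP_PROJECT_DOMAINS` value on line 33 does not contain it, so the documented policy and the enforced one disagree; either append `https://clients1.google.com/` to the value or remove it from the comment. The value also allows `http://cse.google.com/` next to the https origin; on a site served over HTTPS a plaintext-http subresource is blocked as mixed content regardless of CSP, so that entry only widens the policy to an unencrypted origin and should be dropped unless something demonstrably needs it. `https://fonts.gstatic.com/` is there because the new roboto.css still loads its .ttf files from that host; vendoring the font files next to the stylesheet would let this exception go away and finish the self-hosting this commit starts. Which directives the infra template expands CSP_PROJECT_DOMAINS into is not visible here, while the removed `Header set` line constrained only frame-src, so it is worth confirming the resulting header still limits framing to the intended origins rather than granting these hosts script or style permissions as a side effect.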
