Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Docs] Kapa.ai widget not loading on the dev docs #45720

Open
thisisnic opened this issue Mar 10, 2025 · 1 comment
Open

[Docs] Kapa.ai widget not loading on the dev docs #45720

thisisnic opened this issue Mar 10, 2025 · 1 comment
Labels
Component: Documentation Type: bug

Comments

@thisisnic
Copy link
Member

Describe the bug, including details regarding any error messages, version, and platform.

Last week we merged a PR to add an "ask AI" widget to the docs, but when looking at the dev docs site, it isn't loading correctly. It appears to be permissions-related.

In the R docs, developer tools show:

Content-Security-Policy: The page’s settings blocked a script (script-src-elem) at https://widget.kapa.ai/kapa-widget.bundle.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.apache.org/ https://www.apachecon.com/” [index.html](https://arrow.apache.org/docs/dev/r/index.html)
Content-Security-Policy: The page’s settings blocked the loading of a resource (img-src) at https://www.r-pkg.org/badges/version-last-release/arrow because it violates the following directive: “img-src 'self' data: https://*.apache.org/ https://www.apachecon.com/” [index.html](https://arrow.apache.org/docs/dev/r/index.html)
Content-Security-Policy: The page’s settings blocked the loading of a resource (img-src) at https://github.com/apache/arrow/workflows/R/badge.svg?event=push because it violates the following directive: “img-src 'self' data: https://*.apache.org/ https://www.apachecon.com/” [index.html](https://arrow.apache.org/docs/dev/r/index.html)
Content-Security-Policy: The page’s settings blocked the loading of a resource (img-src) at https://apache.r-universe.dev/badges/arrow because it violates the following directive: “img-src 'self' data: https://*.apache.org/ https://www.apachecon.com/” [index.html](https://arrow.apache.org/docs/dev/r/index.html)
Content-Security-Policy: The page’s settings blocked the loading of a resource (img-src) at https://img.shields.io/conda/vn/conda-forge/r-arrow.svg because it violates the following directive: “img-src 'self' data: https://*.apache.org/ https://www.apachecon.com/”

On the main docs:

Content-Security-Policy: The page’s settings blocked a script (script-src-elem) at https://widget.kapa.ai/kapa-widget.bundle.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.apache.org/ https://www.apachecon.com/”

In the privacy docs it says that we should have user consent before loading, but I did activate this.

It works fine on the PR preview: http://crossbow.voltrondata.com/pr_docs/45667

Will investigate further later unless anyone else has any ideas!

Component(s)

Documentation
@dvdksn
Copy link

dvdksn commented Mar 11, 2025
edited
Loading

Hey, it sounds like you need to whitelist Kapa domains in the site's CSP policy. The HTTP response needs to allow the domains listed here: https://docs.kapa.ai/integrations/understanding-csp-cors#configuring-csp-for-kapa

Image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Component: Documentation Type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@thisisnic @dvdksn