apache · wu-sheng · Jan 25, 2026 · Jan 25, 2026 · Copilot · Jan 25, 2026
diff --git a/.htaccess b/.htaccess
@@ -4,7 +4,9 @@ ErrorDocument 404 /404.html
     Header always set Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline'; \
     frame-src 'self' https://www.youtube.com https://player.bilibili.com https://hcaptcha.com https://*.hcaptcha.com; \
     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.algolianet.com https://*.algolia.net https://*.algolia.io https://api.github.com https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://hcaptcha.com https://*.hcaptcha.com; \
-    connect-src 'self' https://*.algolianet.com https://*.algolia.net https://*.algolia.io https://api.github.com https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app; \
+    connect-src 'self' https://*.algolianet.com https://*.algolia.net https://*.algolia.io https://api.github.com https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://*.hcaptcha.com; \
-    connect-src 'self' https://*.algolianet.com https://*.algolia.net https://*.algolia.io https://api.github.com https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://*.hcaptcha.com; \
+    connect-src 'self' https://*.algolianet.com https://*.algolia.net https://*.algolia.io https://api.github.com https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://hcaptcha.com https://*.hcaptcha.com; \
-    connect-src 'self' https://*.algolianet.com https://*.algolia.net https://*.algolia.io https://api.github.com https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://*.hcaptcha.com; \
+    connect-src 'self' https://*.algolianet.com https://*.algolia.net https://*.algolia.io https://api.github.com https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://hcaptcha.com https://*.hcaptcha.com; \
+    style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; \
+    img-src 'self' data: https://hcaptcha.com https://*.hcaptcha.com; \
     frame-ancestors 'self'; \
     object-src 'none'; \
     upgrade-insecure-requests;"