OpenLiberty · aknguyen7 · Jul 13, 2023 · Jul 12, 2023 · Jul 12, 2023 · Jul 12, 2023
diff --git a/src/main/content/antora_ui/package-lock.json b/src/main/content/antora_ui/package-lock.json
diff --git a/src/main/content/antora_ui/src/sass/nav.scss b/src/main/content/antora_ui/src/sass/nav.scss
@@ -83,10 +83,13 @@ html.is-clipped--nav {
 .nav-panel-menu::-webkit-scrollbar,
 .nav-panel-explore .components::-webkit-scrollbar {
   width: 0.25rem;
+  height: 0.25rem;
 }
 
 .nav-panel-menu::-webkit-scrollbar-thumb,
-.nav-panel-explore .components::-webkit-scrollbar-thumb {
+.nav-panel-menu::-webkit-scrollbar-thumb:horizontal,
+.nav-panel-explore .components::-webkit-scrollbar-thumb,
+.nav-panel-explore .components::-webkit-scrollbar-thumb:horizontal {
   background-color: var(--nav-border-color);
 }
 

diff --git a/src/main/java/io/openliberty/website/TLSFilter.java b/src/main/java/io/openliberty/website/TLSFilter.java
@@ -71,7 +71,7 @@ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain
             response.setHeader("X-Content-Type-Options", "nosniff");
              // Mitigating cross site scripting (XSS) from other domains.
             response.setHeader("Content-Security-Policy",
-                    "default-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net fonts.googleapis.com ajax.googleapis.com code.jquery.com fonts.gstatic.com  *.githubusercontent.com api.github.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com cdnjs.cloudflare.com data: buttons.github.io www.youtube.com *.twitter.com *.twimg.com video.ibm.com https://start.openliberty.io/ gitlab.com starter-staging.rh9j6zz75er.us-east.codeengine.appdomain.cloud");
+                    "default-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net fonts.googleapis.com ajax.googleapis.com code.jquery.com fonts.gstatic.com  *.githubusercontent.com api.github.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com cdnjs.cloudflare.com data: buttons.github.io www.youtube.com *.twitter.com *.twimg.com video.ibm.com https://start.openliberty.io/ gitlab.com starter-staging.rh9j6zz75er.us-east.codeengine.appdomain.cloud https://docs.oracle.com/javase/8/docs/api/");
 
             // Limits the information sent cross-domain and does not send the origin name.
             response.setHeader("Referrer-Policy", "no-referrer");