Robin-van-der-Linde/MapComplete
1
0
Fork 0
forked from MapComplete/MapComplete
Code Pull requests Activity

Fix: properly add 'self' to connect-src

Browse source
This commit is contained in:
Pieter Vander Vennet 2024-02-07 17:23:12 +01:00
parent b51d4c7e2d
commit 441a9a5ed9
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
scripts/generateLayouts.ts
View file

@ -306,7 +306,7 @@ async function generateCsp(
} }
const geojsonSources: string[] = layout.layers.map((l) => l.source?.geojsonSource) const geojsonSources: string[] = layout.layers.map((l) => l.source?.geojsonSource)
const hosts = new Set<string>("self") const hosts = new Set<string>()
const eliLayers: RasterLayerPolygon[] = AvailableRasterLayers.layersAvailableAt( const eliLayers: RasterLayerPolygon[] = AvailableRasterLayers.layersAvailableAt(
new ImmutableStore({ lon: 0, lat: 0 }) new ImmutableStore({ lon: 0, lat: 0 })
).data ).data
@ -350,7 +350,7 @@ async function generateCsp(
"default-src": "'self'", "default-src": "'self'",
"child-src": "'self' blob: ", "child-src": "'self' blob: ",
"img-src": "* data:", // maplibre depends on 'data:' to load "img-src": "* data:", // maplibre depends on 'data:' to load
"connect-src": connectSrc.join(" "), "connect-src": "self "+connectSrc.join(" "),
"report-to": "https://report.mapcomplete.org/csp", "report-to": "https://report.mapcomplete.org/csp",
"worker-src": "'self' blob:", // Vite somehow loads the worker via a 'blob' "worker-src": "'self' blob:", // Vite somehow loads the worker via a 'blob'
"style-src": "'self' 'unsafe-inline'", // unsafe-inline is needed to change the default background pin colours "style-src": "'self' 'unsafe-inline'", // unsafe-inline is needed to change the default background pin colours