Security: add nominatim endpoint to config and csp

2023-09-29 11:13:30 +02:00 · 2023-09-29 11:13:30 +02:00 · 451aa3bcd4
commit 451aa3bcd4
parent 477ef56e00
4 changed files with 8 additions and 3 deletions
--- a/package.json
+++ b/package.json
@ -32,7 +32,8 @@
      "https://overpass.kumi.systems/api/interpreter",
      "https://overpass.openstreetmap.ru/cgi/interpreter"
    ],
-    "country_coder_host": "https://raw.githubusercontent.com/pietervdvn/MapComplete-data/main/latlon2country"
+    "country_coder_host": "https://raw.githubusercontent.com/pietervdvn/MapComplete-data/main/latlon2country",
+    "nominatimEndpoint": "https://nominatim.openstreetmap.org/search?"
  },
  "scripts": {
    "start": "npm run generate:layeroverview && npm run strt",
--- a/scripts/generateLayouts.ts
+++ b/scripts/generateLayouts.ts
@ -206,6 +206,7 @@ function asLangSpan(t: Translation, tag = "span"): string {
 }

 let previousSrc: Set<string> = new Set<string>()
+
 function generateCsp(
    layout: LayoutConfig,
    options: {
@ -216,6 +217,7 @@ function generateCsp(
        "'self'",
        ...Constants.defaultOverpassUrls,
        Constants.countryCoderEndpoint,
+        Constants.nominatimEndpoint,
        "https://api.openstreetmap.org",
        "https://pietervdvn.goatcounter.com",
    ].concat(...SpecialVisualizations.specialVisualizations.map((sv) => sv.needsUrls))
@ -283,6 +285,7 @@ const removeOtherLanguagesHash = crypto
    .createHash("sha256")
    .update(removeOtherLanguages)
    .digest("base64")
+
 async function createLandingPage(layout: LayoutConfig, manifest, whiteIcons, alreadyWritten) {
    Locale.language.setData(layout.language[0])
    const targetLanguage = layout.language[0]
--- a/src/Logic/Osm/Geocoding.ts
+++ b/src/Logic/Osm/Geocoding.ts
@ -1,5 +1,6 @@
 import { Utils } from "../../Utils"
 import { BBox } from "../BBox"
+import Constants from "../../Models/Constants"

 export interface GeoCodeResult {
    display_name: string
@ -15,7 +16,7 @@ export interface GeoCodeResult {
 }

 export class Geocoding {
-    private static readonly host = "https://nominatim.openstreetmap.org/search?"
+    public static readonly host = Constants.nominatimEndpoint

    static async Search(query: string, bbox: BBox): Promise<GeoCodeResult[]> {
        const b = bbox ?? BBox.global
--- a/src/Models/Constants.ts
+++ b/src/Models/Constants.ts
@ -107,7 +107,7 @@ export default class Constants {
    public static defaultOverpassUrls = Constants.config.default_overpass_urls
    public static countryCoderEndpoint: string = Constants.config.country_coder_host
    public static osmAuthConfig: AuthConfig = Constants.config.oauth_credentials
-
+    public static nominatimEndpoint: string = Constants.config.nominatimEndpoint
    /**
     * These are the values that are allowed to use as 'backdrop' icon for a map pin
     */