[openstreetmap/openstreetmap-website] Content Security Policy for P2 embedded content (#2067)

Richard Fairhurst notifications at github.com
Mon Nov 19 17:03:39 UTC 2018


Opening P2 in Safari 12 currently borks with these errors in the console:

> [Error] Refused to connect to https://osmlab.github.io/crossdomain.xml because it does not appear in the connect-src directive of the Content Security Policy.
> [Error] Failed to load resource: Blocked by Content Security Policy. (crossdomain.xml, line 0)
> [Error] Refused to connect to https://gravitystorm.dev.openstreetmap.org/cnxc-snapshot/crossdomain.xml because it does not appear in the connect-src directive of the Content Security Policy.
> [Error] Failed to load resource: Blocked by Content Security Policy. (crossdomain.xml, line 0)
> [Error] Refused to connect to https://fpdownload.adobe.com/pub/swz/crossdomain.xml because it does not appear in the connect-src directive of the Content Security Policy.
> [Error] Failed to load resource: Blocked by Content Security Policy. (crossdomain.xml, line 0)
> [Error] Refused to connect to https://fpdownload.adobe.com/pub/swz/crossdomain.xml because it does not appear in the connect-src directive of the Content Security Policy.
> [Error] Failed to load resource: Blocked by Content Security Policy. (crossdomain.xml, line 0)

gravitystorm.dev.openstreetmap.org/cnxc-snapshot/ is currently erroring anyway (and fairly ancient history) so I should probably remove it, but the others are more important, particularly the imagery index. Is this something that could be added to the CSP for osm.org?

https://github.com/openstreetmap/openstreetmap-website/issues/2067
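
An added example, not part of the original message or of the openstreetmap-website code: a triage helper that turns the console lines quoted above into the smallest set of origins to add to `connect-src`. The base policy string and the function names are assumptions made for illustration. The excluded host is the one the message says should probably be removed.

```javascript
// Constructed input: the "Refused to connect" lines quoted in the message above.
const consoleLog = [
  "[Error] Refused to connect to https://osmlab.github.io/crossdomain.xml because it does not appear in the connect-src directive of the Content Security Policy.",
  "[Error] Failed to load resource: Blocked by Content Security Policy. (crossdomain.xml, line 0)",
  "[Error] Refused to connect to https://gravitystorm.dev.openstreetmap.org/cnxc-snapshot/crossdomain.xml because it does not appear in the connect-src directive of the Content Security Policy.",
  "[Error] Refused to connect to https://fpdownload.adobe.com/pub/swz/crossdomain.xml because it does not appear in the connect-src directive of the Content Security Policy.",
  "[Error] Refused to connect to https://fpdownload.adobe.com/pub/swz/crossdomain.xml because it does not appear in the connect-src directive of the Content Security Policy.",
].join("\n");

// Captures the blocked URL and the directive that refused it.
const VIOLATION = /Refused to [a-z ]+? (https?:\/\/\S+) because it does not appear in the ([a-z-]+) directive/;

// Group violations by directive, reduced to scheme+host origins and de-duplicated.
function blockedOrigins(log) {
  const byDirective = new Map();
  for (const line of log.split("\n")) {
    const m = VIOLATION.exec(line);
    if (!m) continue; // e.g. the "Failed to load resource" follow-up lines
    let origin;
    try { origin = new URL(m[1]).origin; } catch { continue; }
    if (!byDirective.has(m[2])) byDirective.set(m[2], new Set());
    byDirective.get(m[2]).add(origin);
  }
  return byDirective;
}

// Append the missing origins to an existing policy string, skipping excluded hosts.
function extendPolicy(policy, additions, exclude = []) {
  const directives = policy.split(";").map(s => s.trim()).filter(Boolean).map(s => s.split(/\s+/));
  for (const [name, origins] of additions) {
    let d = directives.find(x => x[0].toLowerCase() === name);
    if (!d) {
      // A missing fetch directive falls back to default-src, so seed the new
      // directive with those sources; otherwise adding it would drop them.
      const def = directives.find(x => x[0].toLowerCase() === "default-src");
      d = [name, ...(def ? def.slice(1).filter(s => s !== "'none'") : [])];
      directives.push(d);
    }
    for (const o of origins) if (!exclude.includes(o) && !d.includes(o)) d.push(o);
  }
  return directives.map(d => d.join(" ")).join("; ");
}

// Assumed base policy for illustration only; not the real osm.org header.
const BASE_POLICY = "default-src 'self'; connect-src 'self'";
const STALE = ["https://gravitystorm.dev.openstreetmap.org"];
console.log(extendPolicy(BASE_POLICY, blockedOrigins(consoleLog), STALE));
```

Listing origins rather than wildcards keeps the exception as narrow as the violations require.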