[openstreetmap/openstreetmap-website] Edit with Remote Control blocked in Safari (#2445)
Tom Hughes
notifications at github.com
Sat Nov 23 16:13:58 UTC 2019
Sounds like a bug in Safari to me - the `worker-src` directive (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src) specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts and as we don't use any of those we set it to `none`.
I have no idea why Safari has decided to apply it to an iframe load - we do add `http://127.0.0.1:8111` to both `frame-src` and `child_src` in our security policy which is the policy that should be used for such loads (`frame-src` is a newer replacement for `child-src`).
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/2445#issuecomment-557810849
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20191123/89ce67aa/attachment-0001.html>
More information about the rails-dev
mailing list