[openstreetmap/openstreetmap-website] CSP issue with Safari 14 (#3261)
Tom Hughes
notifications at github.com
Tue Jul 20 16:03:44 UTC 2021
The error doesn't seem to make much sense - it appears to be complaining about an inline script but we don't use those (which is why the policy disallows them) and yet it refers to `application.js` which is loaded from the server and should match the `'self'` rule. The line number given is just the end of the file so isn't helpful.
My guess is maybe this is a case of a toolbar or browser extension or similar trying to inject code into the page and rightly being defeated by our security policy?
The thing with the buttons is #2811 and is a separate issue.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/3261#issuecomment-883511511
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20210720/8820f74a/attachment.htm>
More information about the rails-dev
mailing list