[openstreetmap/openstreetmap-website] allow data URIs for images in iD (PR #4840)

Martin Raifer notifications at github.com
Sun May 26 13:04:53 UTC 2024


Fixes problems like https://github.com/openstreetmap/iD/issues/10259.

This is a slight regression in #4627, as the code previously _appended_[^1] the additional CSP rules and now they are overwritten. I assume this was an oversight in the migration process, or was the omission of the existing `img-src` rules there on purpose? In that case, the `:data` type should be added as `policy.img_src("*", :blob, :data)`.


[^1]: see https://github.com/openstreetmap/openstreetmap-website/pull/4627/files#diff-c7e7144de4dcf44dbb148d4acc6aa4a9d8581c6a581966a0bbfb598e79730f14L139

You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/4840

-- Commit Summary --

  * allow data URIs for images in iD

-- File Changes --

    M app/controllers/site_controller.rb (2)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/4840.patch
https://github.com/openstreetmap/openstreetmap-website/pull/4840.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4840
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/pull/4840 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20240526/5ecfe45b/attachment.htm>


More information about the rails-dev mailing list