[openstreetmap/openstreetmap-website] allow data URIs for images in iD (PR #4840)
Martin Raifer
notifications at github.com
Sun May 26 13:04:53 UTC 2024
Fixes problems like https://github.com/openstreetmap/iD/issues/10259.
This is a slight regression in #4627, as the code previously _appended_[^1] the additional CSP rules and now they are overwritten. I assume this was an oversight in the migration process, or was the omission of the existing `img-src` rules there on purpose? In that case, the `:data` type should be added as `policy.img_src("*", :blob, :data)`.
[^1]: see https://github.com/openstreetmap/openstreetmap-website/pull/4627/files#diff-c7e7144de4dcf44dbb148d4acc6aa4a9d8581c6a581966a0bbfb598e79730f14L139
You can view, comment on, or merge this pull request online at:
https://github.com/openstreetmap/openstreetmap-website/pull/4840
-- Commit Summary --
* allow data URIs for images in iD
-- File Changes --
M app/controllers/site_controller.rb (2)
-- Patch Links --
https://github.com/openstreetmap/openstreetmap-website/pull/4840.patch
https://github.com/openstreetmap/openstreetmap-website/pull/4840.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4840
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/pull/4840 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20240526/5ecfe45b/attachment.htm>
More information about the rails-dev
mailing list