[openstreetmap/openstreetmap-website] update script-src CSP rules for iD (PR #4841)
Martin Raifer
notifications at github.com
Sun May 26 13:28:45 UTC 2024
* by now, all used Bing services are queried directly via REST APIs, so `dev.virtualearth.net` should not be required anymore
* `unsafe-eval` was added with 527ec293c2cd84e777e8f05b4bdcf2b3b611a5e0, but as far as I can see, neither the current mapillary SDK nor any other parts of iD perform any dirty tricks with `eval` & co.
You can view, comment on, or merge this pull request online at:
https://github.com/openstreetmap/openstreetmap-website/pull/4841
-- Commit Summary --
* update script-src CSP rules for iD
-- File Changes --
M app/controllers/site_controller.rb (1)
-- Patch Links --
https://github.com/openstreetmap/openstreetmap-website/pull/4841.patch
https://github.com/openstreetmap/openstreetmap-website/pull/4841.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4841
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/pull/4841 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20240526/058ce7e3/attachment.htm>
More information about the rails-dev
mailing list