[openstreetmap/openstreetmap-website] Content Security Policy prevents sharing (Issue #6214)
Tom Hughes
notifications at github.com
Sun Jul 20 17:38:54 UTC 2025
tomhughes left a comment (openstreetmap/openstreetmap-website#6214)
It hasn't been reported because it works for everybody else - as the error you have quoted says `self` is an allowed target for `form-action` so if the page has been loaded from `www.openstreetmap.org` then it should be able to post to `www.openstreetmap.org`.
So the question is, why is your browser mistakenly claiming it's invalid?
Can you confirm exactly what browser's you've tried because I'm not seeing any problem in Firefox.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/6214#issuecomment-3094668718
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/issues/6214/3094668718 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20250720/eb5d5cdc/attachment.htm>
More information about the rails-dev
mailing list