Fix security policy for mapillary in iD

2017-11-24 01:09:27 +00:00 · 2017-11-24 01:09:27 +00:00 · 527ec293c2
commit 527ec293c2
parent 6a1a4a3f7d
1 changed files with 3 additions and 3 deletions
--- a/app/controllers/site_controller.rb
+++ b/app/controllers/site_controller.rb
@ -120,9 +120,9 @@ class SiteController < ApplicationController

  def id
    append_content_security_policy_directives(
-      :connect_src => %w[nominatim.openstreetmap.org taginfo.openstreetmap.org *.mapillary.com openstreetcam.org],
-      :img_src => %w[*],
-      :script_src => %w[dev.virtualearth.net]
+      :connect_src => %w[nominatim.openstreetmap.org taginfo.openstreetmap.org *.mapillary.com d1cuyjsrcm0gby.cloudfront.net d1brzeo354iq2l.cloudfront.net openstreetcam.org],
+      :img_src => %w[* blob:],
+      :script_src => %w[dev.virtualearth.net 'unsafe-eval']
    )

    render "id", :layout => false