YongGoose commented on PR #924: URL: https://github.com/apache/incubator-baremaps/pull/924#issuecomment-2626707624
> @YongGoose I further investigated the content security policy and I think that the error was comming from a chrome extention that interfered with the policy. It does not show up in incognito mode. > > I also tried to better understand why things were not working properly with localhost and 127.0.0.1 and I think it comes from the fact that they are not considered as the same by CSP. So here is a revised meta header works for all cases and is probably better. I also removed the eval-unsafe directive which was unecessary. > > ``` > <meta http-equiv="Content-Security-Policy" content=" > default-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org; > script-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://unpkg.com https://baremaps.apache.org 'unsafe-inline'; > worker-src 'self' blob:; > child-src 'self' blob:; > img-src 'self' data: blob: http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org; > style-src 'self' 'unsafe-inline' http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org; > "> > ``` > > Can you update the PR? I will then merge it and others will complain if it still has problems. To me things look good 👍 Thank you! 🙂 It looks good to me as well! If any further issues arise, I’ll share them through the mailing list. Done in https://github.com/apache/incubator-baremaps/commit/5b5e993e5af22bc7d679b9f35530c22da2816a4c ! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
