YongGoose opened a new issue, #55:
URL: https://github.com/apache/incubator-baremaps-site/issues/55

   While using the `demo` on the Baremaps website, multiple Content Security Policy (CSP) violations prevent essential resources from loading. The following errors are observed in the console:
   
   
![Image](https://github.com/user-attachments/assets/e033833b-539d-4ead-8cc1-a8937b395597)
   
   ### Errors:
   1. API requests blocked
   ```
   Refused to connect to 'https://demo.baremaps.com/api/iploc' because it violates the Content Security Policy directive: "default-src 'self' data: blob: 'unsafe-inline' https://www.apachecon.com/ https://www.communityovercode.org/ https://analytics.apache.org/".
   ```
   ```
   Fetch API cannot load https://demo.baremaps.com/api/iploc. Refused to connect because it violates the document's Content Security Policy.
   ```
   
   2. Style file loading blocked
   ```
   Refused to connect to 'https://demo.baremaps.com/style.json' because it violates the Content Security Policy directive: "default-src 'self' data: blob: 'unsafe-inline' https://www.apachecon.com/ https://www.communityovercode.org/ https://analytics.apache.org/".
   ```
   ```
   Fetch API cannot load https://demo.baremaps.com/style.json. Refused to connect because it violates the document's Content Security Policy.
   ```
   
   3. Mapbox RTL script blocked
   ```
   Refused to load the script 'https://unpkg.com/@mapbox/[email protected]/mapbox-gl-rtl-text.min.js' because it violates the Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.apache.org/".
   ```
   ```
   Uncaught (in promise) NetworkError: Failed to execute 'importScripts' on 'WorkerGlobalScope': The script at 'https://unpkg.com/@mapbox/[email protected]/mapbox-gl-rtl-text.min.js' failed to load.
   ```
   
   ### Possible Solution
   - Update the `Content Security Policy` (CSP) settings to explicitly allow required domains in `connect-src` and `script-src`.
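
As an added example (not part of the original issue or the Baremaps code): a simplified model of CSP directive fallback and source matching, run over the three blocked requests from the console output. `PAGE_ORIGIN`, the combination of the two quoted directives into one policy, the proposed `connect-src`/`script-src` values and the unpkg package path are assumptions or placeholders.

```javascript
// Assumptions: the two directives quoted in the console errors form one policy,
// and the page is served from PAGE_ORIGIN (placeholder, not from the issue).
const PAGE_ORIGIN = 'https://site.example';
const DEFAULT_SRC = "default-src 'self' data: blob: 'unsafe-inline' https://www.apachecon.com/ " +
  'https://www.communityovercode.org/ https://analytics.apache.org/';
const SCRIPT_SRC = "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.apache.org/";
const REPORTED_POLICY = `${DEFAULT_SRC}; ${SCRIPT_SRC}`;
// Sketch of the change proposed in the issue. connect-src no longer falls back to
// default-src once it exists, so origins that must stay reachable are repeated in it.
const PROPOSED_POLICY = `${DEFAULT_SRC}; ` +
  "connect-src 'self' https://analytics.apache.org/ https://demo.baremaps.com; " +
  `${SCRIPT_SRC} https://unpkg.com`;
// Blocked requests from the issue; the unpkg package path is elided there (placeholder).
const REQUESTS = [
  ['connect-src', 'https://demo.baremaps.com/api/iploc'],
  ['connect-src', 'https://demo.baremaps.com/style.json'],
  ['script-src', 'https://unpkg.com/PACKAGE-PLACEHOLDER/mapbox-gl-rtl-text.min.js'],
];

function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources); // first occurrence wins
  }
  return directives;
}

// Handles only the source forms used here: 'self', scheme sources, scheme://host[/path/].
function sourceMatches(source, url, pageOrigin) {
  const target = new URL(url);
  if (source === "'self'") return target.origin === pageOrigin;
  if (source.startsWith("'")) return false; // 'unsafe-inline' etc. never match a URL
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return target.protocol === source.toLowerCase();
  const allowed = new URL(source);
  return allowed.origin === target.origin && target.pathname.startsWith(allowed.pathname);
}

function check(policy, directive, url, pageOrigin = PAGE_ORIGIN) {
  const directives = parsePolicy(policy);
  const effective = directives.has(directive) ? directive : 'default-src';
  if (!directives.has(effective)) return { effective: null, allowed: true }; // nothing governs it
  const allowed = directives.get(effective).some((s) => sourceMatches(s, url, pageOrigin));
  return { effective, allowed };
}

const evaluate = (policy) => REQUESTS.map(([d, url]) => ({ url, ...check(policy, d, url) }));
console.log(evaluate(REPORTED_POLICY), evaluate(PROPOSED_POLICY));
```

Allowing `https://unpkg.com` in `script-src` trusts every package served from that host; self-hosting the RTL script avoids widening the policy.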
   

