AntonKhorev left a comment (openstreetmap/openstreetmap-website#6192)
> CSP doesn't allow render.openstreetmap.org
Easily fixed by allowing them. They are already allowed for `form_action`, just
add them to `connect_src` too.
> the required totp cookie would be lost
Would it? Is it even required by the exporter?
> the render site isn't properly handling CORS preflight requests
This sort of works too, `access-control-allow-origin: *` is in the response.
However the status is 400 instead of 204, that means *CORS request did not
succeed*.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/6192#issuecomment-3078056642
You are receiving this because you are subscribed to this thread.
Message ID:
<openstreetmap/openstreetmap-website/pull/6192/c3078056...@github.com>
_______________________________________________
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev