X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/15b104f4ff4614aa78c01180b6a9b89dd5a1400f..63992d83bdf3c2489e10504957bb57ed29976803:/app/controllers/site_controller.rb?ds=sidebyside diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb index 49f942d3b..74dbc41f5 100644 --- a/app/controllers/site_controller.rb +++ b/app/controllers/site_controller.rb @@ -120,9 +120,9 @@ class SiteController < ApplicationController def id append_content_security_policy_directives( - :connect_src => %w[taginfo.openstreetmap.org *.mapillary.com openstreetcam.org], - :img_src => %w[*], - :script_src => %w[dev.virtualearth.net] + :connect_src => %w[*], + :img_src => %w[* blob:], + :script_src => %w[dev.virtualearth.net 'unsafe-eval'] ) render "id", :layout => false