Fix CSP for OpenStreetMap tiles

Ettore
2026-05-10 22:34:43 +02:00
parent 7e84587788
commit d51141ceef
2 changed files with 4 additions and 2 deletions


@@ -89,7 +89,8 @@ async def _security_headers(request: Request, call_next) -> Response:
response.headers["Referrer-Policy"] = "strict-origin-when-cross-origin"
response.headers["Content-Security-Policy"] = (
"default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline';"
" img-src 'self' data: blob: https://*.tile.openstreetmap.org"
" img-src 'self' data: blob: https://*.tile.openstreetmap.org;"
" connect-src 'self' https://*.tile.openstreetmap.org"
)
return response
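Review bot: The added `connect-src 'self' https://*.tile.openstreetmap.org` may widen the policy more than this fix needs. Tiles loaded as images are governed by `img-src`, and `connect-src` only matters if they are requested through `fetch()`, presumably the service-worker path that this same commit now bypasses for tile URLs. If that bypass is sufficient, `" connect-src 'self'"` keeps script-initiated requests on the app's own origin; if the allowance is needed, a short comment above the string saying which code fetches tiles would record why. Separately, the policy as shown sets no `base-uri`, `form-action` or `frame-ancestors`, none of which fall back to `default-src`; unless they are handled elsewhere, `" base-uri 'self'; form-action 'self'; frame-ancestors 'self';"` would close that gap. `_security_headers` starts above this hunk, so any other headers it sets are not visible here.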


@@ -17,8 +17,9 @@ self.addEventListener("activate", event => {
});
self.addEventListener("fetch", event => {
// Let API calls always go to the network
// Let API calls and map tiles always go to the network
if (event.request.url.includes("/api/")) return;
if (event.request.url.includes("tile.openstreetmap.org")) return;
// Navigation requests (page loads, QR code opens) must always hit the network
// so query parameters like ?k=CODE are preserved for app.js
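Review bot: The new bypass `event.request.url.includes("tile.openstreetmap.org")` matches that string anywhere in the URL, so a request whose path or query merely contains it, or whose host only starts with it, also skips the handler. That is looser than the `https://*.tile.openstreetmap.org` host pattern used in the CSP. Comparing the parsed host keeps the two in step: `const { hostname } = new URL(event.request.url);` followed by `if (hostname.endsWith(".tile.openstreetmap.org")) return;`. The `/api/` check on the line above has the same substring shape and could test the parsed `pathname` with `startsWith("/api/")` instead. The fetch handler continues past the end of this hunk, so the effect on the later caching branches cannot be judged from here.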