map: fix for sw

2023-02-09 12:02:11 -08:00 · 2023-02-09 12:02:11 -08:00 · 479665ca62
parent 8d4d2d6240
commit 479665ca62
3 changed files with 16 additions and 7 deletions
--- a/lib/Controller/OtherController.php
+++ b/lib/Controller/OtherController.php
@ -73,11 +73,7 @@ class OtherController extends ApiBase
            'Content-Type' => 'application/javascript',
            'Service-Worker-Allowed' => '/',
        ]);
-        $policy = new ContentSecurityPolicy();
-        $policy->addAllowedWorkerSrcDomain("'self'");
-        $policy->addAllowedScriptDomain("'self'");
-        $policy->addAllowedConnectDomain("'self'");
-        $response->setContentSecurityPolicy($policy);
+        $response->setContentSecurityPolicy(PageController::getCSP());

        return $response;
    }
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@ -102,9 +102,21 @@ class PageController extends Controller
    /** Get the common content security policy */
    public static function getCSP()
    {
+        // Image domains MUST be added to the connect domain list
+        // because of the service worker fetch() call
+        $addImageDomain = function ($url) use (&$policy) {
+            $policy->addAllowedImageDomain($url);
+            $policy->addAllowedConnectDomain($url);
+        };
+
+        // Create base policy
        $policy = new ContentSecurityPolicy();
        $policy->addAllowedWorkerSrcDomain("'self'");
        $policy->addAllowedScriptDomain("'self'");
+        $policy->addAllowedFrameDomain("'self'");
+        $policy->addAllowedImageDomain("'self'");
+        $policy->addAllowedMediaDomain("'self'");
+        $policy->addAllowedConnectDomain("'self'");

        // Video player
        $policy->addAllowedWorkerSrcDomain('blob:');
@ -116,8 +128,8 @@ class PageController extends Controller

        // Allow OSM
        $policy->addAllowedFrameDomain('www.openstreetmap.org');
-        $policy->addAllowedImageDomain('https://*.tile.openstreetmap.org');
-        $policy->addAllowedImageDomain('https://*.a.ssl.fastly.net');
+        $addImageDomain('https://*.tile.openstreetmap.org');
+        $addImageDomain('https://*.a.ssl.fastly.net');

        return $policy;
    }
--- a/src/components/top-matter/MapSplitMatter.vue
+++ b/src/components/top-matter/MapSplitMatter.vue
@ -3,6 +3,7 @@
    <LMap
      class="map"
      ref="map"
+      :crossOrigin="true"
      :zoom="zoom"
      :minZoom="2"
      @moveend="refresh"