Page MenuHomeMiraheze

Extension:Maps refuses to load map tiles because of Content Security Policy directive
Closed, ResolvedPublic

Description

Any usage of the layer tag in Extension:Maps will be blocked by the browser because of the Content Security Policy directive.
When using the following code on a wiki page;

{{#display_map: 55.7557860, 37.6176330
|layer=OpenStreetMap.BlackAndWhite
|service=leaflet
}}

the following error will be given by the Chrome Developer Console:

Refused to load the image 'http://a.tiles.wmflabs.org/bw-mapnik/14/9903/5121.png' because it violates the following Content Security Policy directive: "default-src 'self' data:  *.miraheze.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org *.mediawiki.org mediawiki.org *.wikidata.org wikidata.org *.wmflabs.org *.google.com *.gstatic.com *.addthis.com *.youtube.com *.youtube-nocookie.com maxcdn.bootstrapcdn.com twitter.com *.creativecommons.org images.uncyc.org www.mikrodev.com *.reviservices.com *.twitter.com www.sciencedaily.com *.googleapis.com *.twimg.com discordapp.com *.tile.openstreetmap.org *.freenode.net *.sorcery.net *.fontawesome.com 'unsafe-inline' 'unsafe-eval'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

This is the same in Google Chrome and in Microsoft Edge. Please fix this, as I'd like to use maps outside of just the normal OpenStreetMap.

Details

Commits
Unknown Object (Diffusion Commit)

Event Timeline

Oxocero created this task.Jan 2 2019, 23:09
Paladox closed this task as Resolved by committing Unknown Object (Diffusion Commit).Jan 3 2019, 03:49
Paladox added a commit: Unknown Object (Diffusion Commit).
John removed a project: Security.Jan 3 2019, 04:28