Street Level Imagery not displaying due to security issue for Mapillary only
EwenH opened this issue · comments
URL
https://www.openstreetmap.org/edit#map=18/-38.61804/142.99343
How to reproduce the issue?
For Mapillary...
- Open Chrome
- Navigate to https://www.openstreetmap.org/edit#map=18/-38.61804/142.99343
- Activate Mapillary from Photo Overlays
- Click on the green photo icon
- Nothing happens ** Fails **
For Bing Imagery
- Open Chrome
- Navigate to https://www.openstreetmap.org/edit#map=19/29.17914/-81.02899
- Activate Bing from Photo Overlays
- Click on the greenish photo icon
- Photo rendered ** Success**
Screenshot(s) or anything else?
It appears a setting upstream at Mapillary or a change in security on matomo has caused Mapillary photos not to render. This has only been experienced in the last few days.
id#background=Bing&m…overlay=mapillary:1 Uncaught (in promise)
EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' matomo.openstreetmap.org".
at new Function (<anonymous>)
at ih.createFilter (mapillary-e7bb57e05dff3736762bd4a74954d7abac85ebf7f90cee2f7078c64ba9764b7e.js:21:16249)
at new Gm (mapillary-e7bb57e05dff3736762bd4a74954d7abac85ebf7f90cee2f7078c64ba9764b7e.js:39:1000)
at new lM (mapillary-e7bb57e05dff3736762bd4a74954d7abac85ebf7f90cee2f7078c64ba9764b7e.js:60:15028)
at new e.Viewer (mapillary-e7bb57e05dff3736762bd4a74954d7abac85ebf7f90cee2f7078c64ba9764b7e.js:61:5276)
at Object.initViewer (id-884d1f4f401304033ac7dbdd819c10c5434a743493c3163e9abc456bf3382b02.js:62:5308)
at id-884d1f4f401304033ac7dbdd819c10c5434a743493c3163e9abc456bf3382b02.js:62:2950
Promise.then (async)
c @ id-884d1f4f401304033ac7dbdd819c10c5434a743493c3163e9abc456bf3382b02.js:13
(anonymous) @ id-884d1f4f401304033ac7dbdd819c10c5434a743493c3163e9abc456bf3382b02.js:2
Which deployed environments do you see the issue in?
Released version at openstreetmap.org/edit
What version numbers does this issue effect?
2.29
Which browsers are you seeing this problem on?
Chrome
I can confirm the error with Mapillary (happens only when the preview is rendered (as described above)).
"script-src 'self' matomo.openstreetmap.org".
This sounds like it could be related to openstreetmap/openstreetmap-website#4841
Ping @tyrasd
Oh, sorry, this was indeed my fault in openstreetmap/openstreetmap-website#4841. Somehow, this slipped through my checks. 🙇 It should be fixed soon upstream.