Street Level Imagery not displaying due to security issue for Mapillary only

Question

Street Level Imagery not displaying due to security issue for Mapillary only

EwenH opened this issue 2 months ago · comments

Ewen Hill commented 2 months ago

URL

https://www.openstreetmap.org/edit#map=18/-38.61804/142.99343

How to reproduce the issue?

For Mapillary...

Open Chrome
Navigate to https://www.openstreetmap.org/edit#map=18/-38.61804/142.99343
Activate Mapillary from Photo Overlays
Click on the green photo icon
Nothing happens ** Fails **

For Bing Imagery

Open Chrome
Navigate to https://www.openstreetmap.org/edit#map=19/29.17914/-81.02899
Activate Bing from Photo Overlays
Click on the greenish photo icon
Photo rendered ** Success**

Screenshot(s) or anything else?

It appears a setting upstream at Mapillary or a change in security on matomo has caused Mapillary photos not to render. This has only been experienced in the last few days.

id#background=Bing&m…overlay=mapillary:1 Uncaught (in promise)
EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' matomo.openstreetmap.org".

at new Function (<anonymous>)
at ih.createFilter (mapillary-e7bb57e05dff3736762bd4a74954d7abac85ebf7f90cee2f7078c64ba9764b7e.js:21:16249)
at new Gm (mapillary-e7bb57e05dff3736762bd4a74954d7abac85ebf7f90cee2f7078c64ba9764b7e.js:39:1000)
at new lM (mapillary-e7bb57e05dff3736762bd4a74954d7abac85ebf7f90cee2f7078c64ba9764b7e.js:60:15028)
at new e.Viewer (mapillary-e7bb57e05dff3736762bd4a74954d7abac85ebf7f90cee2f7078c64ba9764b7e.js:61:5276)
at Object.initViewer (id-884d1f4f401304033ac7dbdd819c10c5434a743493c3163e9abc456bf3382b02.js:62:5308)
at id-884d1f4f401304033ac7dbdd819c10c5434a743493c3163e9abc456bf3382b02.js:62:2950

Promise.then (async)
c @ id-884d1f4f401304033ac7dbdd819c10c5434a743493c3163e9abc456bf3382b02.js:13
(anonymous) @ id-884d1f4f401304033ac7dbdd819c10c5434a743493c3163e9abc456bf3382b02.js:2

Which deployed environments do you see the issue in?

Released version at openstreetmap.org/edit

What version numbers does this issue effect?

2.29

Which browsers are you seeing this problem on?

Chrome

Tobias · Answer 1 · Wed May 29 2024 12:05:45 GMT+0800 (China Standard Time)

I can confirm the error with Mapillary (happens only when the preview is rendered (as described above)).

"script-src 'self' matomo.openstreetmap.org".

This sounds like it could be related to openstreetmap/openstreetmap-website#4841

Ping @tyrasd

Martin Raifer · Answer 2 · Wed May 29 2024 17:39:02 GMT+0800 (China Standard Time)

Oh, sorry, this was indeed my fault in openstreetmap/openstreetmap-website#4841. Somehow, this slipped through my checks. 🙇 It should be fixed soon upstream.

Ewen Hill · Answer 3 · Thu May 30 2024 09:09:13 GMT+0800 (China Standard Time)

Thanks @tyrasd and @tordans for the extremely rapid turnaround. I can confirm that the images now render correctly and these things slip through from time to time as you strive to improve the platform so no issues. Enjoy the day