rene/banyaro
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix: CSP worker-src 'self' blob: (SW-Registrierung war durch blob:-only blockiert) + Vektor-Basemap auf Staging default-an

Browse source 
- worker-src blob: hatte sw.js (same-origin) blockiert → SW-Registrierung schlug app-weit fehl
  → alter SW servierte stale ui.js → UI.map.vectorLayer undefined → stiller Raster-Fallback
- _vectorMapEnabled: Staging default AN (Reifephase), Prod AUS bis Freigabe, Flag überschreibt
This commit is contained in:
rene 2026-06-05 08:52:36 +02:00
parent 736c326635
commit b0fece16c8
7 changed files with 24 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

2
backend/main.py
View file

@ -111,7 +111,7 @@ class SecurityHeadersMiddleware(BaseHTTPMiddleware):
response.headers["Content-Security-Policy"] = (
"default-src 'self'; "
"script-src 'self' https://umami.motocamp.de; " # ohne unsafe-inline/eval — alle Inline-Scripts extrahiert
"worker-src blob:; " # MapLibre GL spawnt Web-Worker aus blob-URLs (Tile-Server)
"worker-src 'self' blob:; " # 'self' = Service Worker (sw.js); blob: = MapLibre-GL-Worker
"style-src 'self' 'unsafe-inline'; " # Inline-Styles bleiben (zu viele Fundstellen für jetzt)
"img-src 'self' data: blob: https:; "
"connect-src 'self' https:; "