X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/2f9291ba5764fe104264ae7e3b6a361e11212e8b..26102f581fbd88449b3c850685c4e4058fec0df9:/app/controllers/application_controller.rb

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index bc1fd488d..9666adf12 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -333,11 +333,9 @@ class ApplicationController < ActionController::Base
     append_content_security_policy_directives(
       :child_src => %w[http://127.0.0.1:8111 https://127.0.0.1:8112],
       :frame_src => %w[http://127.0.0.1:8111 https://127.0.0.1:8112],
-      :connect_src => [NOMINATIM_URL, OVERPASS_URL, OSRM_URL, GRAPHHOPPER_URL],
+      :connect_src => [NOMINATIM_URL, OVERPASS_URL, FOSSGIS_OSRM_URL, GRAPHHOPPER_URL],
       :form_action => %w[render.openstreetmap.org],
-      :style_src => %w['unsafe-inline'],
-      :script_src => [MAPQUEST_DIRECTIONS_URL],
-      :img_src => %w[developer.mapquest.com]
+      :style_src => %w['unsafe-inline']
     )
 
     if STATUS == :database_offline || STATUS == :api_offline