From 527ec293c2cd84e777e8f05b4bdcf2b3b611a5e0 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Fri, 24 Nov 2017 01:09:27 +0000
Subject: [PATCH] Fix security policy for mapillary in iD

---
 app/controllers/site_controller.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb
index 64744bb23..272f99109 100644
--- a/app/controllers/site_controller.rb
+++ b/app/controllers/site_controller.rb
@@ -120,9 +120,9 @@ class SiteController < ApplicationController
 
   def id
     append_content_security_policy_directives(
-      :connect_src => %w[nominatim.openstreetmap.org taginfo.openstreetmap.org *.mapillary.com openstreetcam.org],
-      :img_src => %w[*],
-      :script_src => %w[dev.virtualearth.net]
+      :connect_src => %w[nominatim.openstreetmap.org taginfo.openstreetmap.org *.mapillary.com d1cuyjsrcm0gby.cloudfront.net d1brzeo354iq2l.cloudfront.net openstreetcam.org],
+      :img_src => %w[* blob:],
+      :script_src => %w[dev.virtualearth.net 'unsafe-eval']
     )
 
     render "id", :layout => false
-- 
2.43.2