From 9ca82ad6ad1f780b7e3bc10afe96ce6ed0de9005 Mon Sep 17 00:00:00 2001
From: Arne Hamann <kontakt+github@arne.email>
Date: Mon, 27 Jan 2020 22:25:14 +0100
Subject: [PATCH] CSP added 'blob:'

Signed-off-by: Arne Hamann <kontakt+github@arne.email>
---
 lib/Controller/PageController.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index 8e5c0265..45be154a 100644
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -49,6 +49,7 @@ class PageController extends Controller {
         $response = new TemplateResponse('maps', 'index', $params);
         if (class_exists('OCP\AppFramework\Http\ContentSecurityPolicy')) {
             $csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
+
             // map tiles
             $csp->addAllowedImageDomain('https://*.tile.openstreetmap.org');
             $csp->addAllowedImageDomain('https://server.arcgisonline.com');
@@ -83,12 +84,15 @@ class PageController extends Controller {
                     $csp->addAllowedConnectDomain($cleanUrl);
                 }
             }
-            //$csp->addAllowedConnectDomain('http://192.168.0.66:5000');
+
+            $csp->addAllowedScriptDomain('\'self\'');
+
 
             // poi images
             $csp->addAllowedImageDomain('https://nominatim.openstreetmap.org');
             // search and geocoder
             $csp->addAllowedConnectDomain('https://nominatim.openstreetmap.org');
+            $csp->addAllowedScriptDomain('blob:');
             $response->setContentSecurityPolicy($csp);
         }
         return $response;