Fix: Allow OpenStreetMap iframe in Content Security Policy

- Add frame-src directive to CSP for OpenStreetMap.org
- Fix Impressum map display issue in production
- Allow embedding of OpenStreetMap iframes while maintaining security
- Update Caddyfile CSP configuration
2025-10-02 15:45:01 +02:00
parent d7b1ae3525
commit 6f6b21e7c8

@@ -17,7 +17,7 @@ stargirlnails.de {
X-Content-Type-Options "nosniff"
X-XSS-Protection "1; mode=block"
Referrer-Policy "strict-origin-when-cross-origin"
Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self';"
Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self'; frame-src 'self' https://www.openstreetmap.org;"
# HSTS (wird automatisch von Caddy gesetzt)
Strict-Transport-Security "max-age=31536000; includeSubDomains"
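
Review bot: In the new Content-Security-Policy line, `frame-src 'self' https://www.openstreetmap.org;` allowlists the whole OpenStreetMap origin for framing, which is broader than the single Impressum map embed the commit message describes. If the iframe always loads from one embed path, narrow the source expression to that path so that no other page on the origin can be framed, and drop `'self'` from `frame-src` if the site never frames its own pages. A short comment above the header line saying that the entry exists for the Impressum map would also help whoever tightens this policy later. The `script-src 'self' 'unsafe-inline' 'unsafe-eval'` part is carried over unchanged from the old line, so it is not a regression here, but it remains the weakest part of the policy.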