Improve CSP directive (#944)

* Remove duplicate url from script-src

* Add tile.openstreetmap.org to directive

baremaps-server/src/main/resources/dem/index.html

@@ -22,8 +22,8 @@
     <meta charset='utf-8'>
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta http-equiv="Content-Security-Policy" content="
-    default-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org;
-    script-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://unpkg.com https://baremaps.apache.org 'unsafe-inline';
+    default-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org https://tile.openstreetmap.org;
+    script-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org 'unsafe-inline';
     worker-src 'self' blob:;
     child-src 'self' blob:;
     img-src 'self' data: blob: http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org;

baremaps-server/src/main/resources/static/server.html

@@ -18,8 +18,8 @@
 <html lang="en">
 <head>
   <meta http-equiv="Content-Security-Policy" content="
-    default-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org;
-    script-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://unpkg.com https://baremaps.apache.org 'unsafe-inline';
+    default-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org https://tile.openstreetmap.org;
+    script-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org 'unsafe-inline';
     worker-src 'self' blob:;
     child-src 'self' blob:;
     img-src 'self' data: blob: http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org;

baremaps-server/src/main/resources/static/viewer.html

@@ -18,8 +18,8 @@
 <html lang="en">
 <head>
   <meta http-equiv="Content-Security-Policy" content="
-    default-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org;
-    script-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://unpkg.com https://baremaps.apache.org 'unsafe-inline';
+    default-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org https://tile.openstreetmap.org;
+    script-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org 'unsafe-inline';
     worker-src 'self' blob:;
     child-src 'self' blob:;
     img-src 'self' data: blob: http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org;

basemap/index.html

@@ -18,8 +18,8 @@
 <html lang="en">
 <head>
   <meta http-equiv="Content-Security-Policy" content="
-    default-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org;
-    script-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://unpkg.com https://baremaps.apache.org 'unsafe-inline';
+    default-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org https://tile.openstreetmap.org;
+    script-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org 'unsafe-inline';
     worker-src 'self' blob:;
     child-src 'self' blob:;
     img-src 'self' data: blob: http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org;

examples/openstreetmap/index.html

@@ -18,8 +18,8 @@
 <html lang="en">
 <head>
   <meta http-equiv="Content-Security-Policy" content="
-    default-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org;
-    script-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://unpkg.com https://baremaps.apache.org 'unsafe-inline';
+    default-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org https://tile.openstreetmap.org;
+    script-src 'self' http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org 'unsafe-inline';
     worker-src 'self' blob:;
     child-src 'self' blob:;
     img-src 'self' data: blob: http://127.0.0.1:* http://localhost:* https://unpkg.com https://baremaps.apache.org;