From b1dec5238657d6116e9bdc81d12f3198ba9a06c0 Mon Sep 17 00:00:00 2001
From: chefe <hi@chefe.io>
Date: Wed, 1 Jan 2025 16:25:58 +0100
Subject: [PATCH] Fix tiles not working on public pages because of missing CSP
 entries

A CSP entry for https://tile.openstreetmap.org was introduced in
8e9e960ac7bf8c9e7ac638775504b007242bb3e9, but it was only added
to the PageController but it should be added to all the places
where the CSP headers are generated.

Signed-off-by: chefe <hi@chefe.io>
---
 lib/Controller/PublicFavoritePageController.php | 1 +
 lib/Controller/PublicPageController.php         | 1 +
 2 files changed, 2 insertions(+)

diff --git a/lib/Controller/PublicFavoritePageController.php b/lib/Controller/PublicFavoritePageController.php
index 4d94c71d5..0994a39ac 100644
--- a/lib/Controller/PublicFavoritePageController.php
+++ b/lib/Controller/PublicFavoritePageController.php
@@ -140,6 +140,7 @@ private function addCsp($response): void {
 			$csp = new ContentSecurityPolicy();
 			// map tiles
 			$csp->addAllowedImageDomain('https://*.tile.openstreetmap.org');
+			$csp->addAllowedImageDomain('https://tile.openstreetmap.org');
 			$csp->addAllowedImageDomain('https://server.arcgisonline.com');
 			$csp->addAllowedImageDomain('https://*.cartocdn.com');
 			$csp->addAllowedImageDomain('https://*.opentopomap.org');
diff --git a/lib/Controller/PublicPageController.php b/lib/Controller/PublicPageController.php
index 99a9e1cf4..2e2f9df01 100644
--- a/lib/Controller/PublicPageController.php
+++ b/lib/Controller/PublicPageController.php
@@ -207,6 +207,7 @@ private function addCsp($response): void {
 			$csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
 			// map tiles
 			$csp->addAllowedImageDomain('https://*.tile.openstreetmap.org');
+			$csp->addAllowedImageDomain('https://tile.openstreetmap.org');
 			$csp->addAllowedImageDomain('https://server.arcgisonline.com');
 			$csp->addAllowedImageDomain('https://*.cartocdn.com');
 			$csp->addAllowedImageDomain('https://*.opentopomap.org');