CSP directive blocks access to Overpass server

[mmd-osm]

Chrome 69 refuses to access Overpass API due to:

openstreetmap-website/app/controllers/application_controller.rb

Line 416 in 1285bcb

:connect_src => %w[nominatim.openstreetmap.org overpass-api.de router.project-osrm.org graphhopper.com],

Error message:
Refused to connect to 'https://lz4.overpass-api.de/api/interpreter' because it violates the following Content Security Policy directive: "connect-src 'self' piwik.openstreetmap.org nominatim.openstreetmap.org overpass-api.de router.project-osrm.org graphhopper.com".

-> Both lz4.overpass-api.de and z.overpass-api.de need to be added here as well. overpass-api.de is just an alias for those two production servers.

[tomhughes]

Well we work on the basis of hostnames so it shouldn't matter how many servers they resolve to, or are you saying that overpass-api.de is actually redirecting to those names?

[tomhughes]

It looks to me like they are just two DNS entries and there is no redirection going on. Certainly the query tool seems to be working for me in Firefox.

[tomhughes]

And in Chrom(ium) as well.

[mmd-osm]

Which Chrome version are you on? I'm getting this error since today on Version 69.0.3497.92 (Official Build) (64-bit)

[mmd-osm]

Ah, sorry for the noise, that's Switcheroo extension triggering this Javascript error... Closing here.