Possible policy issue with OSM tiles #12438

nijel · 2016-08-03T09:43:51Z

Note: The below apply if I understood the policy correctly.

According to https://wiki.openstreetmap.org/wiki/Tile_usage_policy

Technical Usage Requirements:

" If known, a valid HTTP Referer."

PMA strip the Referrer header via CSP policy (To Avoid Referrer Leaks)

fix:
while it's better from user/security perspective to not leak REFERRER at all, it appears that it might be against the rules?
it's possible to use referrerpolicy attribute to allow Referrer header to be sent for specific IMG tag by using referrerpolicy attribute:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/img#attr-referrerpolicy
# Note # using "origin" as value will leak only the origin without the path (better) and it's a "valid HTTP Referer."

The text was updated successfully, but these errors were encountered:

nijel · 2017-02-13T13:52:15Z

As the OpenLayers library we use puts effort in providing valid Origin in the responses, I assume this is as good as providing Referrer. At least it provides same information.

nijel added the Bug A problem or regression with an existing feature label Aug 3, 2016

ibennetch added this to the 4.7.0 milestone Dec 14, 2016

nijel self-assigned this Feb 13, 2017

nijel closed this as completed Feb 13, 2017

github-actions bot locked as resolved and limited conversation to collaborators Jun 22, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Possible policy issue with OSM tiles #12438

Possible policy issue with OSM tiles #12438

nijel commented Aug 3, 2016

nijel commented Feb 13, 2017

Possible policy issue with OSM tiles #12438

Possible policy issue with OSM tiles #12438

Comments

nijel commented Aug 3, 2016

nijel commented Feb 13, 2017