From a477e5bdcc9f03b046a357b92b9487b8c4de23cd Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Mon, 9 Jun 2025 01:58:33 +0200
Subject: CSP: Add `worker-src blob:` to the allow-list. It appears to be required for GeoTIFF/WebGL on Chrome.
---
 files/etc/nginx/sites-available/webmap | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/files/etc/nginx/sites-available/webmap b/files/etc/nginx/sites-available/webmap
index 4aef1cc..f89f5e0 100644
--- a/files/etc/nginx/sites-available/webmap
+++ b/files/etc/nginx/sites-available/webmap
@@ -113,7 +113,7 @@ server {
 add_header X-Content-Type-Options "nosniff";
 add_header X-XSS-Protection "1; mode=block";
 add_header Strict-Transport-Security "max-age=31557600; includeSubDomains" always;
- add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self' data: https://minkarta.lantmateriet.se/map/; script-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'none'; base-uri 'self'";
+ add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self' data: https://minkarta.lantmateriet.se/map/; script-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'none'; worker-src blob:; base-uri 'self'";
 try_files $uri $uri/ =404;
 }
-- 
cgit v1.2.3
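Review bot: The added `worker-src blob:` on the Content-Security-Policy line replaces the fallback to `script-src 'self'` for workers, so any worker script served from the site's own origin is now refused while blob: workers become allowed. If the site loads no same-origin worker this is the tighter setting and deserves a comment above the header, for example `# worker-src blob: appears to be required on Chrome for GeoTIFF/WebGL; no same-origin worker scripts are loaded`; otherwise the directive should read `worker-src 'self' blob:`. Separately, this `add_header` carries no `always`, unlike the Strict-Transport-Security line above it, so nginx leaves the policy off the `=404` responses that `try_files` produces. The enclosing block starts outside the hunk, so other `add_header` inheritance effects cannot be judged from here.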