How to avoid 'unsafe-eval' and 'unsafe-inline' in Content Security Policy in Response Headers?

We are using OpenStreetMap in our application. While loading the assets (CSS/JS & required images), OpenStreetMap is appending Content Security Policy rules in the response headers and, while generating them, is including ‘unsafe-eval’ and ‘unsafe-inline’ for the script-src and style-src respectively. Could someone advise whether this will not be an issue for the application which we have developed, or any ways to avoid these flags in the headers?
Thanks!!

Are you using the tiles from openstreetmap.org directly? Those tiles are run on donated resources, and might not be the best choice depending on your application. You may want to switch to some other tile provider, or serve your own. I don’t know offhand what tile serving systems have locked-down CSP rules, though.

3 Likes

In order to help, it’d be good to know what you’re actually trying to do - for example what sort of “application” are we talking about here?

Lots of different technologies exist to make OSM maps that can be embedded in all sorts of applications, but different ones are suitable for different platforms.

2 Likes