From 6fb7e5f5bb9f227ea7fca245f9cfeb7ef2d30ad7 Mon Sep 17 00:00:00 2001 From: Andrea Chirillano Date: Mon, 16 Mar 2026 18:32:25 +0000 Subject: [PATCH 1/2] Fix: 403 error in create map --- core/settings/contrib.py | 1 - ui/app/components/aoi/ExportAOI.js | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/core/settings/contrib.py b/core/settings/contrib.py index 1bf789911..e81e8891c 100644 --- a/core/settings/contrib.py +++ b/core/settings/contrib.py @@ -27,7 +27,6 @@ "DEFAULT_AUTHENTICATION_CLASSES": ( "rest_framework.authentication.TokenAuthentication", "oauth2_provider.contrib.rest_framework.OAuth2Authentication", - "rest_framework.authentication.SessionAuthentication", ), "DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.IsAuthenticated",), "DEFAULT_RENDERER_CLASSES": ( diff --git a/ui/app/components/aoi/ExportAOI.js b/ui/app/components/aoi/ExportAOI.js index db4878b13..ca9338895 100644 --- a/ui/app/components/aoi/ExportAOI.js +++ b/ui/app/components/aoi/ExportAOI.js @@ -277,6 +277,7 @@ export class ExportAOI extends Component { }), OSM.ATTRIBUTION ], + crossOrigin: null, url: "https://tile.openstreetmap.org/{z}/{x}/{y}.png" }) From 664fe6f08434984abec15a8bbf7924a0b1464b89 Mon Sep 17 00:00:00 2001 From: Andrea Chirillano Date: Mon, 16 Mar 2026 21:30:09 +0000 Subject: [PATCH 2/2] Fix: 403 error in create export --- core/settings/base.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/core/settings/base.py b/core/settings/base.py index 655b7e30f..4a8ed7338 100644 --- a/core/settings/base.py +++ b/core/settings/base.py @@ -75,6 +75,11 @@ # ABS_PATH('core', 'base_static'), ) +# Allow OSM tile servers to receive a Referer header (required by OSM tile policy). +# Django's SecurityMiddleware defaults to "same-origin", which strips the Referer +# on cross-origin requests, causing OSM tiles to return 403 "Access blocked". +SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin" + # default middleware classes MIDDLEWARE = [