Post marked as solved
Click to stop watching this thread.
You have stopped watching this post. Click to start watching again.
Post marked as solved with 2 replies, 0 views
Solved the issue... Some of the CSP settings that Chrome accepted were not so gracefully accepted on Safari, which broke the map.
This final setting worked, and made the map work well on iOS, macOS Safari and macOS Chrome:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data:
					gap: https://*.apple-mapkit.com https://*.ls.apple.com blob:;
					style-src 'self' 'unsafe-inline';
					img-src 'self' https://*.apple-mapkit.com;">
I understand that allowing blob: as a safe URL is quite risky from a security standpoint, so when I perform a security audit before release I will have to take a second look at these settings. In the meantime, for development, it gets me to the functionality I want.