I think I found either an issue with the API, NoScript, or Firefox ESR.
I go to https://bycycle.org/api/ and then enter -122.662709,45.522952 to search.
It takes me here: https://bycycle.org/api/query?term=+-122.662709%2C45.522952
Then if I manually change the URL to something else, then NoScript throws an XSS error.
But then if I manually update the request using the developer tools and re-request the GET, then it throws:
Content Security Policy: The page’s settings blocked the loading of a resource at https://bycycle.org/api/query?term=+-122.662709,45.522953 (“default-src”).
I think I found either an issue with the API, NoScript, or Firefox ESR.
I go to https://bycycle.org/api/ and then enter -122.662709,45.522952 to search.
It takes me here: https://bycycle.org/api/query?term=+-122.662709%2C45.522952
Then if I manually change the URL to something else, then NoScript throws an XSS error.
But then if I manually update the request using the developer tools and re-request the GET, then it throws:
Content Security Policy: The page’s settings blocked the loading of a resource at https://bycycle.org/api/query?term=+-122.662709,45.522953 (“default-src”).