@eeacms/volto-bise-policy 1.3.2 → 1.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/workflows/betterleaks.yml +133 -0
- package/.gitleaks.toml +89 -0
- package/CHANGELOG.md +16 -2
- package/README.md +59 -0
- package/RELEASE.md +1 -1
- package/package.json +1 -1
- package/src/components/Widgets/GeolocationWidgetMapContainer.jsx +7 -2
- package/src/components/manage/Blocks/CaseStudyExplorer/CaseStudyMap.jsx +6 -2
- package/src/constants.js +7 -0
|
@@ -0,0 +1,133 @@
|
|
|
1
|
+
name: Betterleaks
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
pull_request:
|
|
6
|
+
|
|
7
|
+
permissions:
|
|
8
|
+
contents: read
|
|
9
|
+
|
|
10
|
+
jobs:
|
|
11
|
+
scan:
|
|
12
|
+
name: Scan for secrets
|
|
13
|
+
runs-on: ubuntu-latest
|
|
14
|
+
env:
|
|
15
|
+
SMTP_URL: ${{ secrets.SMTP_URL }}
|
|
16
|
+
SMTP_PORT: ${{ secrets.SMTP_PORT || '25' }}
|
|
17
|
+
SMTP_EMAIL: ${{ secrets.SMTP_EMAIL }}
|
|
18
|
+
SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
|
|
19
|
+
steps:
|
|
20
|
+
- name: Checkout repository
|
|
21
|
+
uses: actions/checkout@v4
|
|
22
|
+
with:
|
|
23
|
+
fetch-depth: 1
|
|
24
|
+
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
25
|
+
|
|
26
|
+
- name: Run Betterleaks
|
|
27
|
+
id: betterleaks
|
|
28
|
+
continue-on-error: true
|
|
29
|
+
uses: dortort/betterleaks-action@v0.1.0
|
|
30
|
+
with:
|
|
31
|
+
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
32
|
+
scan-mode: dir
|
|
33
|
+
scan-path: .
|
|
34
|
+
config: .gitleaks.toml
|
|
35
|
+
report-format: json
|
|
36
|
+
report-path: betterleaks-report.json
|
|
37
|
+
redact: "true"
|
|
38
|
+
no-color: "true"
|
|
39
|
+
no-banner: "true"
|
|
40
|
+
fail-on-leak: "true"
|
|
41
|
+
|
|
42
|
+
- name: Upload Betterleaks report
|
|
43
|
+
if: always()
|
|
44
|
+
uses: actions/upload-artifact@v4
|
|
45
|
+
with:
|
|
46
|
+
name: betterleaks-report
|
|
47
|
+
path: betterleaks-report.json
|
|
48
|
+
if-no-files-found: ignore
|
|
49
|
+
|
|
50
|
+
- name: Build Betterleaks email summary
|
|
51
|
+
id: leak_summary
|
|
52
|
+
if: steps.betterleaks.outcome == 'failure'
|
|
53
|
+
shell: bash
|
|
54
|
+
run: |
|
|
55
|
+
if [[ -s betterleaks-report.json ]]; then
|
|
56
|
+
jq -r '
|
|
57
|
+
def one_line:
|
|
58
|
+
tostring
|
|
59
|
+
| gsub("[\r\n]+"; " ")
|
|
60
|
+
| if length > 240 then .[0:240] + "..." else . end;
|
|
61
|
+
|
|
62
|
+
.[:20][]
|
|
63
|
+
| "- " + (.RuleID // "unknown-rule")
|
|
64
|
+
+ " at " + (.File // "unknown-file")
|
|
65
|
+
+ ":" + ((.StartLine // 0) | tostring)
|
|
66
|
+
+ "\n match: " + ((.Match // .Secret // "REDACTED") | one_line)
|
|
67
|
+
' betterleaks-report.json > betterleaks-email-summary.txt
|
|
68
|
+
|
|
69
|
+
count="$(jq 'length' betterleaks-report.json)"
|
|
70
|
+
if (( count > 20 )); then
|
|
71
|
+
{
|
|
72
|
+
echo ""
|
|
73
|
+
echo "... and $((count - 20)) more finding(s). Download the artifact for full details."
|
|
74
|
+
} >> betterleaks-email-summary.txt
|
|
75
|
+
fi
|
|
76
|
+
else
|
|
77
|
+
echo "No JSON report was generated. Download the workflow logs for details." > betterleaks-email-summary.txt
|
|
78
|
+
fi
|
|
79
|
+
|
|
80
|
+
{
|
|
81
|
+
echo "text<<BETTERLEAKS_SUMMARY"
|
|
82
|
+
cat betterleaks-email-summary.txt
|
|
83
|
+
echo "BETTERLEAKS_SUMMARY"
|
|
84
|
+
} >> "$GITHUB_OUTPUT"
|
|
85
|
+
|
|
86
|
+
- name: Resolve committer email
|
|
87
|
+
id: committer
|
|
88
|
+
if: steps.betterleaks.outcome == 'failure'
|
|
89
|
+
shell: bash
|
|
90
|
+
run: |
|
|
91
|
+
committer_email="$(git log -1 --format='%ce')"
|
|
92
|
+
author_email="$(git log -1 --format='%ae')"
|
|
93
|
+
email="$committer_email"
|
|
94
|
+
if [[ -z "$email" || "$email" == *"noreply.github.com"* ]]; then
|
|
95
|
+
email="$author_email"
|
|
96
|
+
fi
|
|
97
|
+
if [[ "$email" =~ ^[^[:space:]@]+@[^[:space:]@]+\.[^[:space:]@]+$ && "$email" != *"noreply.github.com"* ]]; then
|
|
98
|
+
echo "email=$email" >> "$GITHUB_OUTPUT"
|
|
99
|
+
else
|
|
100
|
+
echo "No deliverable committer email found; skipping Betterleaks email notification."
|
|
101
|
+
echo "email=" >> "$GITHUB_OUTPUT"
|
|
102
|
+
fi
|
|
103
|
+
|
|
104
|
+
- name: Email committer on Betterleaks failure
|
|
105
|
+
if: steps.betterleaks.outcome == 'failure' && steps.committer.outputs.email != '' && env.SMTP_URL != '' && env.SMTP_EMAIL != ''
|
|
106
|
+
uses: dawidd6/action-send-mail@v18
|
|
107
|
+
with:
|
|
108
|
+
server_address: ${{ env.SMTP_URL }}
|
|
109
|
+
server_port: ${{ env.SMTP_PORT }}
|
|
110
|
+
secure: ${{ env.SMTP_PORT == '465' }}
|
|
111
|
+
username: ${{ env.SMTP_EMAIL }}
|
|
112
|
+
password: ${{ env.SMTP_PASSWORD }}
|
|
113
|
+
from: ${{ env.SMTP_EMAIL }}
|
|
114
|
+
to: ${{ steps.committer.outputs.email }}
|
|
115
|
+
subject: "[Betterleaks] Secret scan failed in ${{ github.repository }}"
|
|
116
|
+
body: |
|
|
117
|
+
Betterleaks detected one or more potential secrets.
|
|
118
|
+
|
|
119
|
+
Repository: ${{ github.repository }}
|
|
120
|
+
Branch: ${{ github.ref_name }}
|
|
121
|
+
Commit: ${{ github.sha }}
|
|
122
|
+
Workflow run: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
|
|
123
|
+
|
|
124
|
+
Findings:
|
|
125
|
+
${{ steps.leak_summary.outputs.text }}
|
|
126
|
+
|
|
127
|
+
Download the betterleaks-report artifact from the workflow run for details.
|
|
128
|
+
|
|
129
|
+
- name: Fail if Betterleaks found leaks
|
|
130
|
+
if: steps.betterleaks.outcome == 'failure'
|
|
131
|
+
run: |
|
|
132
|
+
echo "Betterleaks detected one or more secrets. Download the betterleaks-report artifact from this workflow run for details."
|
|
133
|
+
exit 1
|
package/.gitleaks.toml
ADDED
|
@@ -0,0 +1,89 @@
|
|
|
1
|
+
title = "Betterleaks config"
|
|
2
|
+
|
|
3
|
+
[extend]
|
|
4
|
+
useDefault = true
|
|
5
|
+
|
|
6
|
+
[[rules]]
|
|
7
|
+
id = "secret-literal-assignment"
|
|
8
|
+
description = "Secret-like literal assignment in source, YAML, env and config files"
|
|
9
|
+
regex = '''(?i)([A-Za-z0-9_.-]*(?:password|passwd|pwd|api[_-]?key|apikey|access[_-]?key|secret[_-]?access[_-]?key|private[_-]?key|client[_-]?secret|consumer[_-]?key|consumer[_-]?secret|(?:auth|access|refresh|session|api|bearer|id|jwt|csrf|xsrf|oauth)[_-]?token|translate[_-]?auth|translation[_-]?auth|auth[_-]?password|auth[_-]?key|auth[_-]?credentials|database[_-]?url|connection[_-]?string)[A-Za-z0-9_.-]*)[ \t]*[:=][ \t]*["'']?([^"''[:space:]#{}$.][^"''\n#{}]{2,})["'']?'''
|
|
10
|
+
secretGroup = 2
|
|
11
|
+
keywords = [
|
|
12
|
+
"password",
|
|
13
|
+
"passwd",
|
|
14
|
+
"pwd",
|
|
15
|
+
"api_key",
|
|
16
|
+
"apikey",
|
|
17
|
+
"access_key",
|
|
18
|
+
"private_key",
|
|
19
|
+
"client_secret",
|
|
20
|
+
"consumer_key",
|
|
21
|
+
"consumer_secret",
|
|
22
|
+
"auth_token",
|
|
23
|
+
"access_token",
|
|
24
|
+
"refresh_token",
|
|
25
|
+
"session_token",
|
|
26
|
+
"api_token",
|
|
27
|
+
"bearer_token",
|
|
28
|
+
"id_token",
|
|
29
|
+
"jwt_token",
|
|
30
|
+
"csrf_token",
|
|
31
|
+
"xsrf_token",
|
|
32
|
+
"oauth_token",
|
|
33
|
+
"translate_auth",
|
|
34
|
+
"translation_auth",
|
|
35
|
+
"auth_password",
|
|
36
|
+
"auth_key",
|
|
37
|
+
"auth_credentials",
|
|
38
|
+
"database_url",
|
|
39
|
+
"connection_string"
|
|
40
|
+
]
|
|
41
|
+
tags = ["literal-secret"]
|
|
42
|
+
|
|
43
|
+
[[rules]]
|
|
44
|
+
id = "env-short-secret-assignment"
|
|
45
|
+
description = "Uppercase env-style PASS/TOKEN/SECRET assignment"
|
|
46
|
+
regex = '''\b((?:PASS|TOKEN|SECRET|[A-Z0-9_]*(?:_PASS|_TOKEN|_SECRET|PASS_|TOKEN_|SECRET_)[A-Z0-9_]*))[ \t]*[:=][ \t]*["'']?([^"''[:space:]#{}$.][^"''\n#{}]{2,})["'']?'''
|
|
47
|
+
secretGroup = 2
|
|
48
|
+
keywords = [
|
|
49
|
+
"PASS",
|
|
50
|
+
"TOKEN",
|
|
51
|
+
"SECRET"
|
|
52
|
+
]
|
|
53
|
+
tags = ["env", "literal-secret"]
|
|
54
|
+
|
|
55
|
+
[[rules]]
|
|
56
|
+
id = "standalone-sk-token"
|
|
57
|
+
description = "Standalone sk-* token not attached to a secret-like variable name"
|
|
58
|
+
regex = '''(?i)\b(sk-[A-Za-z0-9][A-Za-z0-9_-]{20,})\b'''
|
|
59
|
+
secretGroup = 1
|
|
60
|
+
entropy = 2.5
|
|
61
|
+
keywords = ["sk-"]
|
|
62
|
+
tags = ["standalone-token", "generic"]
|
|
63
|
+
|
|
64
|
+
[[rules]]
|
|
65
|
+
id = "dotenv-only-jest-setup"
|
|
66
|
+
description = ".env may only contain the committed Jest setup lines"
|
|
67
|
+
path = '''(?i)(^|/)\.env$'''
|
|
68
|
+
regex = '''(?m)^(.+)$'''
|
|
69
|
+
secretGroup = 1
|
|
70
|
+
tags = ["file", "dotenv"]
|
|
71
|
+
[[rules.allowlists]]
|
|
72
|
+
regexTarget = "match"
|
|
73
|
+
regexes = [
|
|
74
|
+
'''^JEST_USE_SETUP=OFF # Jest configuration variables: ON, OFF\r?$''',
|
|
75
|
+
]
|
|
76
|
+
|
|
77
|
+
[[rules]]
|
|
78
|
+
id = "forbidden-secret-file"
|
|
79
|
+
description = "Forbidden secret-bearing file committed to repository"
|
|
80
|
+
path = '''(?i)(^|/)(\.env\..*|\.npmrc|\.pypirc|id_rsa|id_ed25519|.*\.(pem|key|p12|pfx|jks|kubeconfig))$'''
|
|
81
|
+
regex = '''(?s).{1,}'''
|
|
82
|
+
tags = ["file", "secret-file"]
|
|
83
|
+
|
|
84
|
+
[[allowlists]]
|
|
85
|
+
description = "Allow Jenkins SonarQube token environment variable reference"
|
|
86
|
+
regexTarget = "match"
|
|
87
|
+
regexes = [
|
|
88
|
+
'''SONAR_AUTH_TOKEN''',
|
|
89
|
+
]
|
package/CHANGELOG.md
CHANGED
|
@@ -4,11 +4,25 @@ All notable changes to this project will be documented in this file. Dates are d
|
|
|
4
4
|
|
|
5
5
|
Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog).
|
|
6
6
|
|
|
7
|
-
### [1.3.
|
|
7
|
+
### [1.3.4](https://github.com/eea/volto-bise-policy/compare/1.3.3...1.3.4) - 9 July 2026
|
|
8
8
|
|
|
9
9
|
#### :hammer_and_wrench: Others
|
|
10
10
|
|
|
11
|
-
-
|
|
11
|
+
- enable attributions for osm [Claudia Ifrim - [`de583af`](https://github.com/eea/volto-bise-policy/commit/de583af4eff7c7a3a91a9845eb372e2bfa86fec1)]
|
|
12
|
+
### [1.3.3](https://github.com/eea/volto-bise-policy/compare/1.3.2...1.3.3) - 9 July 2026
|
|
13
|
+
|
|
14
|
+
#### :house: Internal changes
|
|
15
|
+
|
|
16
|
+
- chore: [JENKINSFILE] sanitize sonarqube command [valentinab25 - [`8e2dc1a`](https://github.com/eea/volto-bise-policy/commit/8e2dc1a14f3230f197f009a76bf87587724b6e3a)]
|
|
17
|
+
|
|
18
|
+
#### :hammer_and_wrench: Others
|
|
19
|
+
|
|
20
|
+
- test: pin Chromium version 149 to work with Cypress [valentinab25 - [`5841387`](https://github.com/eea/volto-bise-policy/commit/5841387ae59380ee15af8c82a4df81c4767e1b7c)]
|
|
21
|
+
- Update Betterleaks email notification [Dobricean Ioan Dorian - [`45fae4c`](https://github.com/eea/volto-bise-policy/commit/45fae4cea316af3d3b846d4d7754e63bd7baeaac)]
|
|
22
|
+
- Update Betterleaks config documentation [Dobricean Ioan Dorian - [`e6742c2`](https://github.com/eea/volto-bise-policy/commit/e6742c23bffe88fef239354723dc8ae9aba94469)]
|
|
23
|
+
- Fix betterleaks findings [Dobricean Ioan Dorian - [`b9ef9ba`](https://github.com/eea/volto-bise-policy/commit/b9ef9baf5f6b1036e8d83f90a582298c3688a7ba)]
|
|
24
|
+
### [1.3.2](https://github.com/eea/volto-bise-policy/compare/1.3.1...1.3.2) - 24 June 2026
|
|
25
|
+
|
|
12
26
|
### [1.3.1](https://github.com/eea/volto-bise-policy/compare/1.3.0...1.3.1) - 23 June 2026
|
|
13
27
|
|
|
14
28
|
### [1.3.0](https://github.com/eea/volto-bise-policy/compare/1.3.0-beta.2...1.3.0) - 22 June 2026
|
package/README.md
CHANGED
|
@@ -80,6 +80,65 @@ See [RELEASE.md](https://github.com/eea/volto-bise-policy/blob/master/RELEASE.md
|
|
|
80
80
|
|
|
81
81
|
See [DEVELOP.md](https://github.com/eea/volto-bise-policy/blob/master/DEVELOP.md).
|
|
82
82
|
|
|
83
|
+
## Secret Scanning
|
|
84
|
+
|
|
85
|
+
This repository uses the Betterleaks GitHub Action to scan the current
|
|
86
|
+
repository content on every push and pull request. The scan uses the rules in
|
|
87
|
+
`.gitleaks.toml` and uploads a `betterleaks-report` artifact when a finding is
|
|
88
|
+
detected.
|
|
89
|
+
|
|
90
|
+
If the optional SMTP secrets are configured, failed scans also send an email to
|
|
91
|
+
the last commit committer. The workflow expects these repository or
|
|
92
|
+
organization secrets:
|
|
93
|
+
|
|
94
|
+
- `SMTP_URL`
|
|
95
|
+
- `SMTP_PORT` (optional, defaults to `25`)
|
|
96
|
+
- `SMTP_EMAIL`
|
|
97
|
+
- `SMTP_PASSWORD` (optional if the SMTP server does not require authentication)
|
|
98
|
+
|
|
99
|
+
Port `465` is sent with direct TLS; other ports use the default SMTP handshake.
|
|
100
|
+
The email includes a short finding summary from the redacted Betterleaks report,
|
|
101
|
+
including the redacted matched line from each finding.
|
|
102
|
+
|
|
103
|
+
There are three common outcomes:
|
|
104
|
+
|
|
105
|
+
1. **Everything is OK.** The `Betterleaks / Scan for secrets` check is green and
|
|
106
|
+
no action is needed. Regular references to runtime values are OK, for example:
|
|
107
|
+
|
|
108
|
+
```js
|
|
109
|
+
const tokenFromCookie = req.universalCookies.get('auth_token');
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
2. **A real secret was found.** The check is red and the workflow log asks you to
|
|
113
|
+
download the `betterleaks-report` artifact. Open the artifact from the GitHub
|
|
114
|
+
Actions run and check the reported file, line and rule. Remove the committed
|
|
115
|
+
value, move it to the proper secret store, and rotate it if it was exposed.
|
|
116
|
+
A report entry looks like this:
|
|
117
|
+
|
|
118
|
+
```json
|
|
119
|
+
{
|
|
120
|
+
"RuleID": "secret-literal-assignment",
|
|
121
|
+
"File": "src/config.js",
|
|
122
|
+
"StartLine": 12,
|
|
123
|
+
"Secret": "[REDACTED]"
|
|
124
|
+
}
|
|
125
|
+
```
|
|
126
|
+
|
|
127
|
+
3. **The finding is a false positive.** Keep the value only if it is clearly not
|
|
128
|
+
sensitive, such as a test fixture, placeholder, or public example. Add
|
|
129
|
+
`betterleaks:allow` on the same line and include a short explanation in the
|
|
130
|
+
pull request.
|
|
131
|
+
|
|
132
|
+
```js
|
|
133
|
+
const testPassword = 'admin'; //betterleaks:allow
|
|
134
|
+
```
|
|
135
|
+
|
|
136
|
+
```yaml
|
|
137
|
+
password: "admin" #betterleaks:allow
|
|
138
|
+
```
|
|
139
|
+
|
|
140
|
+
Do not add `betterleaks:allow` to real credentials.
|
|
141
|
+
|
|
83
142
|
## Copyright and license
|
|
84
143
|
|
|
85
144
|
The Initial Owner of the Original Code is European Environment Agency (EEA).
|
package/RELEASE.md
CHANGED
|
@@ -33,7 +33,7 @@ Release-it is a tool that automates 4 important steps in the release process:
|
|
|
33
33
|
To configure the authentification, you need to export GITHUB_TOKEN for [GitHub](https://github.com/settings/tokens)
|
|
34
34
|
|
|
35
35
|
```
|
|
36
|
-
export GITHUB_TOKEN=
|
|
36
|
+
export GITHUB_TOKEN="${GITHUB_TOKEN}"
|
|
37
37
|
```
|
|
38
38
|
|
|
39
39
|
To configure npm, you can use the `npm login` command or use a configuration file with a TOKEN :
|
package/package.json
CHANGED
|
@@ -9,6 +9,7 @@ import {
|
|
|
9
9
|
} from '@eeacms/volto-openlayers-map/api';
|
|
10
10
|
import React, { useState } from 'react';
|
|
11
11
|
import { useMapContext } from '@eeacms/volto-openlayers-map/hocs';
|
|
12
|
+
import { GISCO_OSM_ATTRIBUTION } from '@eeacms/volto-bise-policy/constants';
|
|
12
13
|
|
|
13
14
|
function PinInteraction({ longitude, latitude, onChange, ol }) {
|
|
14
15
|
const mapContext = useMapContext();
|
|
@@ -77,6 +78,7 @@ const TileSetLoader = (props) => {
|
|
|
77
78
|
setTileWMSSources([
|
|
78
79
|
new ol.source.TileWMS({
|
|
79
80
|
url: 'https://gisco-services.ec.europa.eu/maps/service',
|
|
81
|
+
attributions: GISCO_OSM_ATTRIBUTION,
|
|
80
82
|
params: {
|
|
81
83
|
LAYERS: 'OSMBlossomComposite',
|
|
82
84
|
TILED: true,
|
|
@@ -102,10 +104,13 @@ const MapContainer = (props) => {
|
|
|
102
104
|
zoom: 15,
|
|
103
105
|
}}
|
|
104
106
|
pixelRatio={1}
|
|
105
|
-
controls={ol.control.defaults({ attribution: false })}
|
|
106
107
|
>
|
|
107
108
|
<Layers>
|
|
108
|
-
<Controls
|
|
109
|
+
<Controls
|
|
110
|
+
attribution={true}
|
|
111
|
+
attributionOptions={{ collapsible: false }}
|
|
112
|
+
zoom={false}
|
|
113
|
+
/>
|
|
109
114
|
<PinInteraction
|
|
110
115
|
ol={ol}
|
|
111
116
|
latitude={latitude}
|
|
@@ -10,6 +10,7 @@ import {
|
|
|
10
10
|
useMapContext,
|
|
11
11
|
} from '@eeacms/volto-openlayers-map/api';
|
|
12
12
|
import { withOpenLayers } from '@eeacms/volto-openlayers-map';
|
|
13
|
+
import { GISCO_OSM_ATTRIBUTION } from '@eeacms/volto-bise-policy/constants';
|
|
13
14
|
|
|
14
15
|
import InfoOverlay from './InfoOverlay';
|
|
15
16
|
import FeatureInteraction from './FeatureInteraction';
|
|
@@ -45,6 +46,7 @@ function CaseStudyMap(props) {
|
|
|
45
46
|
const [tileWMSSources] = React.useState([
|
|
46
47
|
new ol.source.TileWMS({
|
|
47
48
|
url: 'https://gisco-services.ec.europa.eu/maps/service',
|
|
49
|
+
attributions: GISCO_OSM_ATTRIBUTION,
|
|
48
50
|
params: {
|
|
49
51
|
// LAYERS: 'OSMBlossomComposite', OSMCartoComposite, OSMPositronComposite
|
|
50
52
|
LAYERS: 'OSMPositronComposite',
|
|
@@ -130,9 +132,11 @@ function CaseStudyMap(props) {
|
|
|
130
132
|
zoom: 4,
|
|
131
133
|
}}
|
|
132
134
|
pixelRatio={1}
|
|
133
|
-
// controls={ol.control.defaults({ attribution: false })}
|
|
134
135
|
>
|
|
135
|
-
<Controls
|
|
136
|
+
<Controls
|
|
137
|
+
attribution={true}
|
|
138
|
+
attributionOptions={{ collapsible: false }}
|
|
139
|
+
/>
|
|
136
140
|
<Layers>
|
|
137
141
|
{hideFilters ? null : (
|
|
138
142
|
<button
|
package/src/constants.js
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
// Basemap attribution strings. OpenStreetMap-derived basemaps (GISCO OSM*
|
|
2
|
+
// composites) must credit "© OpenStreetMap contributors" per the ODbL —
|
|
3
|
+
// https://www.openstreetmap.org/copyright
|
|
4
|
+
export const OSM_ATTRIBUTION =
|
|
5
|
+
'© <a href="https://www.openstreetmap.org/copyright" target="_blank" rel="noopener noreferrer">OpenStreetMap</a> contributors';
|
|
6
|
+
|
|
7
|
+
export const GISCO_OSM_ATTRIBUTION = `${OSM_ATTRIBUTION}, © <a href="https://ec.europa.eu/eurostat/web/gisco" target="_blank" rel="noopener noreferrer">Eurostat/GISCO</a>`;
|