Attributing hill shades data original sources

[hungerburg]

With the hill shades layer active, a link to the Terrain Tiles repository appears in the attributions panel. They are just an intermediary though. The original source is sent in the HTTP header x-amz-meta-x-imagery-sources of their tiles, so some clever scripting could attribute those too.

E.g. x-amz-meta-x-imagery-sources: austria/ogd-10m-at.tif might show "data.gv.at" as stated on https://www.data.gv.at/katalog/dataset/b5de6975-417b-4320-afdb-eb2a9e2a1dbf - linked from https://github.com/tilezen/joerd/blob/master/docs/data-sources.md

[nrenner]

These layer links on the map, like "Hillshading" that points to https://registry.opendata.aws/terrain-tiles/, aren't actually meant as attribution, but usually open the original map site at the same position, or the homepage where there is no map, like in this case.

The actual attribution is behind the "Copyright" link when the layer is active,

Hillshading Terrain Tiles at Registry of Open Data on AWS: ... Austria terrain data © offene Daten Österreichs – Digitales Geländemodell (DGM) Österreich ...

taken from https://github.com/tilezen/joerd/blob/master/docs/attribution.md.

Thanks for pointing at the x-amz-meta-x-imagery-sources HTTP header, I wasn't aware of that.

I haven't tried, but I don't think we can actually read that header from JavaScript in the browser:

• tile loading is done by Maplibre library, not sure we can intercept that easily. It allows to set request headers with transformRequest, but probably not to read response headers?
• the browser will probably deny access to non-CORS-safelisted headers, unless a Access-Control-Expose-Headers header is configured, which doesn't seem to be the case

[hungerburg]

Does that CORS stuff mean, even -- if you'd know the locations of the tiles -- if you'd every now and then, eg. when center of the map moved more than a number of kilometers, sent a HEAD request to aws, it would not be able to see the header that contains the attributable source of the data?

Reading up a bit on CORS, indeed, the aws server does not allow cross origin scripts access to any response header at all. Even the developer tools cannot show them. Only a direct call will reveal the x-amz-meta-x-imagery-sources. Kind of defeating its purpose.

[nrenner]

Does that CORS stuff mean, [...] it would not be able to see the header that contains the attributable source of the data?

Yes, see this little demo that can only read the headers content-length, content-type, last-modified.

Closing, as we do attribute the original sources and view-based attribution is not possible right now.

[hungerburg]

Terrain Tiles now exposes the source of their hill shades in cross origin requests. That went quick :) Not wanting to be a nuisance, I'd say that https://github.com/tilezen/joerd/blob/master/docs/data-sources.md would be the more appropriate target for the "hillshades" link in brouter-web.