Après ajout de *.openstreetmap.org et *.openstreetmap.fr ça fonctionne chez moi.
Mon fichier install/apache_security de Jeedom complet.
<Directory /var/www/html>
Options -Indexes -ExecCGI -FollowSymLinks
AllowOverride All
</Directory>
<IfModule mod_headers.c>
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "sameorigin"
Header set X-XSS-Protection "1; mode=block"
Header unset X-Powered-By
Header set Referrer-Policy: strict-origin-when-cross-origin
Header set Permissions-Policy "accelerometer=(),battery=(),fullscreen=(self),geolocation=(),camera=(),ambient-light-sensor=(self),autoplay=(self)"
Header set Content-Security-Policy "default-src 'self' file: data: blob: filesystem:;script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.fr *.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.fr;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.fr;img-src 'self' *.jeedom.com *.google.com *.google.fr *.googleapis.com *.openstreetmap.fr *.openstreetmap.org data:;style-src 'self' 'unsafe-inline';style-src-attr 'self' 'unsafe-inline';worker-src blob:;frame-src 'self' *.jeedom.com *.google.com *.google.fr *.googleapis.com data:;"
</IfModule>
A installer en utilisant Erreur directive de Content Security Policy - #7 par jpty car il faut redémarrer Apache
Merci Bad pour la piste *.tile.openstreetmap.fr mais dans mes derniers tests *.openstreetmap.fr match *.tile.openstreetmap.fr