]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/export_controller.rb
Merge remote-tracking branch 'upstream/pull/4970'
[rails.git] / app / controllers / export_controller.rb
index d901dccc9e9a721570c1d91360e9e9ce420c1bf5..cddc97b6883e13044601c5b4a3a24b1f84d83f74 100644 (file)
@@ -4,6 +4,10 @@ class ExportController < ApplicationController
   before_action :update_totp, :only => [:finish]
   authorize_resource :class => false
 
+  content_security_policy(:only => :embed) do |policy|
+    policy.frame_ancestors("*")
+  end
+
   caches_page :embed
 
   # When the user clicks 'Export' we redirect to a URL which generates the export download
@@ -21,13 +25,9 @@ class ExportController < ApplicationController
       format = params[:mapnik_format]
       scale = params[:mapnik_scale]
 
-      redirect_to "https://render.openstreetmap.org/cgi-bin/export?bbox=#{bbox}&scale=#{scale}&format=#{format}"
+      redirect_to "https://render.openstreetmap.org/cgi-bin/export?bbox=#{bbox}&scale=#{scale}&format=#{format}", :allow_other_host => true
     end
   end
 
-  def embed
-    append_content_security_policy_directives(
-      :frame_ancestors => %w[*]
-    )
-  end
+  def embed; end
 end