# method, otherwise an OAuth token was used, which has to be checked.
unless current_token.nil?
unless current_token.read_attribute(cap)
- report_error "OAuth token doesn't have that capability.", :forbidden
+ set_locale
+ report_error t("oauth.permissions.missing"), :forbidden
false
end
end
rescue ActionView::Template::Error => ex
ex = ex.original_exception
- if ex.is_a?(ActiveRecord::StatementInvalid) && ex.message =~ /execution expired/
+ if ex.is_a?(Timeout::Error) ||
+ (ex.is_a?(ActiveRecord::StatementInvalid) && ex.message =~ /execution expired/)
render :action => "timeout"
else
raise
end
def map_layout
+ append_content_security_policy_directives(
+ :connect_src => %w(nominatim.openstreetmap.org overpass-api.de router.project-osrm.org valhalla.mapzen.com),
+ :script_src => %w(graphhopper.com open.mapquestapi.com),
+ :img_src => %w(developer.mapquest.com)
+ )
+
request.xhr? ? "xhr" : "map"
end