+ # Unfortunately if a PUT or POST request that has a body fails to
+ # read it then Apache will sometimes fail to return the response it
+ # is given to the client properly, instead erroring:
+ #
+ # https://issues.apache.org/bugzilla/show_bug.cgi?id=44782
+ #
+ # To work round this we call rewind on the body here, which is added
+ # as a filter, to force it to be fetched from Apache into a file.
+ def fetch_body
+ request.body.rewind
+ end
+
+ def map_layout
+ append_content_security_policy_directives(
+ :child_src => %w[http://127.0.0.1:8111 https://127.0.0.1:8112],
+ :frame_src => %w[http://127.0.0.1:8111 https://127.0.0.1:8112],
+ :connect_src => [Settings.nominatim_url, Settings.overpass_url, Settings.fossgis_osrm_url, Settings.graphhopper_url],
+ :form_action => %w[render.openstreetmap.org],
+ :style_src => %w['unsafe-inline']
+ )
+
+ case Settings.status
+ when "database_offline", "api_offline"
+ flash.now[:warning] = t("layouts.osm_offline")
+ when "database_readonly", "api_readonly"
+ flash.now[:warning] = t("layouts.osm_read_only")
+ end
+
+ request.xhr? ? "xhr" : "map"
+ end
+
+ def allow_thirdparty_images
+ append_content_security_policy_directives(:img_src => %w[*])
+ end
+
+ def preferred_editor
+ if params[:editor]
+ params[:editor]
+ elsif current_user&.preferred_editor
+ current_user.preferred_editor
+ else
+ Settings.default_editor
+ end
+ end
+
+ helper_method :preferred_editor
+
+ def update_totp
+ if Settings.key?(:totp_key)
+ cookies["_osm_totp_token"] = {
+ :value => ROTP::TOTP.new(Settings.totp_key, :interval => 3600).now,
+ :domain => "openstreetmap.org",
+ :expires => 1.hour.from_now
+ }
+ end
+ end
+
+ def better_errors_allow_inline
+ yield
+ rescue StandardError
+ append_content_security_policy_directives(
+ :script_src => %w['unsafe-inline'],
+ :style_src => %w['unsafe-inline']
+ )
+
+ raise
+ end
+
+ def current_ability
+ Ability.new(current_user)