Update bundle

[rails.git] / app / controllers / site_controller.rb

diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb
index 1cb848ea6ef09685407b622c3e83d4131fdfdb1c..02852dc67f12a1cc3f286872c3e8993a2a63daff 100644 (file)
--- a/app/controllers/site_controller.rb
+++ b/app/controllers/site_controller.rb
@@ -7,6 +7,7 @@ class SiteController < ApplicationController
   before_action :redirect_browse_params, :only => :index
   before_action :redirect_map_params, :only => [:index, :edit, :export]
   before_action :require_oauth, :only => [:index]
+  before_action :require_user, :only => [:id]
   before_action :update_totp, :only => [:index]
 
   authorize_resource :class => false
@@ -61,14 +62,7 @@ class SiteController < ApplicationController
       require_user
     end
 
-    if %w[potlatch potlatch2].include?(editor)
-      append_content_security_policy_directives(
-        :connect_src => %w[*],
-        :object_src => %w[*],
-        :plugin_types => %w[application/x-shockwave-flash],
-        :script_src => %w['unsafe-inline']
-      )
-    elsif %w[id].include?(editor)
+    if %w[id].include?(editor)
       append_content_security_policy_directives(
         :frame_src => %w[blob:]
       )