+ ok = request.send(:"#{method.to_s.downcase}?")
+ raise OSM::APIBadMethodError, method unless ok
+ end
+
+ ##
+ # wrap an api call in a timeout
+ def api_call_timeout(&block)
+ Timeout.timeout(Settings.api_timeout, Timeout::Error, &block)
+ rescue Timeout::Error
+ raise OSM::APITimeoutError
+ end
+
+ ##
+ # wrap a web page in a timeout
+ def web_timeout(&block)
+ Timeout.timeout(Settings.web_timeout, Timeout::Error, &block)
+ rescue ActionView::Template::Error => e
+ e = e.cause
+
+ if e.is_a?(Timeout::Error) ||
+ (e.is_a?(ActiveRecord::StatementInvalid) && e.message.include?("execution expired"))
+ render :action => "timeout"
+ else
+ raise
+ end
+ rescue Timeout::Error
+ render :action => "timeout"
+ end
+
+ ##
+ # ensure that there is a "user" instance variable
+ def lookup_user
+ render_unknown_user params[:display_name] unless @user = User.active.find_by(:display_name => params[:display_name])
+ end
+
+ ##
+ # render a "no such user" page
+ def render_unknown_user(name)
+ @title = t "users.no_such_user.title"
+ @not_found_user = name
+
+ respond_to do |format|
+ format.html { render :template => "users/no_such_user", :status => :not_found }
+ format.all { head :not_found }
+ end
+ end
+
+ ##
+ # Unfortunately if a PUT or POST request that has a body fails to
+ # read it then Apache will sometimes fail to return the response it
+ # is given to the client properly, instead erroring:
+ #
+ # https://issues.apache.org/bugzilla/show_bug.cgi?id=44782
+ #
+ # To work round this we call rewind on the body here, which is added
+ # as a filter, to force it to be fetched from Apache into a file.
+ def fetch_body
+ request.body.rewind
+ end
+
+ def map_layout
+ append_content_security_policy_directives(
+ :child_src => %w[http://127.0.0.1:8111 https://127.0.0.1:8112],
+ :frame_src => %w[http://127.0.0.1:8111 https://127.0.0.1:8112],
+ :connect_src => [Settings.nominatim_url, Settings.overpass_url, Settings.fossgis_osrm_url, Settings.graphhopper_url],
+ :form_action => %w[render.openstreetmap.org],
+ :style_src => %w['unsafe-inline']
+ )
+
+ case Settings.status
+ when "database_offline", "api_offline"
+ flash.now[:warning] = t("layouts.osm_offline")
+ when "database_readonly", "api_readonly"
+ flash.now[:warning] = t("layouts.osm_read_only")
+ end
+
+ request.xhr? ? "xhr" : "map"
+ end
+
+ def allow_thirdparty_images
+ append_content_security_policy_directives(:img_src => %w[*])