X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/09ba878519c73d517fa88fc1c2cad1d1924fdf84..870e9e41e3c2b23b8b5e6730d91ea9ad1c89463d:/app/controllers/application_controller.rb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index a367a1b0a..db5d086ec 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -5,6 +5,7 @@ class ApplicationController < ActionController::Base before_action :fetch_body + attr_accessor :current_user helper_method :current_user def authorize_web @@ -345,7 +346,7 @@ class ApplicationController < ActionController::Base # or raises a suitable error. +method+ should be a symbol, e.g: :put or :get. def assert_method(method) ok = request.send((method.to_s.downcase + "?").to_sym) - raise OSM::APIBadMethodError.new(method) unless ok + raise OSM::APIBadMethodError, method unless ok end ## @@ -365,7 +366,7 @@ class ApplicationController < ActionController::Base yield end rescue ActionView::Template::Error => ex - ex = ex.original_exception + ex = ex.cause if ex.is_a?(Timeout::Error) || (ex.is_a?(ActiveRecord::StatementInvalid) && ex.message =~ /execution expired/) @@ -412,7 +413,9 @@ class ApplicationController < ActionController::Base def map_layout append_content_security_policy_directives( + :child_src => %w[127.0.0.1:8111 127.0.0.1:8112], :connect_src => %w[nominatim.openstreetmap.org overpass-api.de router.project-osrm.org valhalla.mapzen.com], + :form_action => %w[render.openstreetmap.org], :script_src => %w[graphhopper.com open.mapquestapi.com], :img_src => %w[developer.mapquest.com] ) @@ -426,6 +429,10 @@ class ApplicationController < ActionController::Base request.xhr? ? "xhr" : "map" end + def allow_thirdparty_images + append_content_security_policy_directives(:img_src => %w[*]) + end + def preferred_editor editor = if params[:editor] params[:editor] @@ -468,16 +475,6 @@ class ApplicationController < ActionController::Base [user, pass] end - # used to get the current logged in user - def current_user - @user - end - - # used to set the current logged in user - def current_user=(user) - @user = user - end - # override to stop oauth plugin sending errors def invalid_oauth_response; end end