X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/25dbc4d43e41d30f764d1545548de3b95a307d61..e2839ae0988c8493e0f4f626695a0f4a7abd39d8:/app/controllers/application_controller.rb?ds=inline diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index fdc2ac4e8..bde7e0287 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -21,7 +21,7 @@ class ApplicationController < ActionController::Base def self.allow_thirdparty_images(**options) content_security_policy(options) do |policy| - policy.img_src("*") + policy.img_src("*", :data) end end @@ -215,10 +215,10 @@ class ApplicationController < ActionController::Base ## # wrap a web page in a timeout - def web_timeout(&block) + def web_timeout(&) raise Timeout::Error if Settings.web_timeout.negative? - Timeout.timeout(Settings.web_timeout, &block) + Timeout.timeout(Settings.web_timeout, &) rescue ActionView::Template::Error => e e = e.cause @@ -253,9 +253,7 @@ class ApplicationController < ActionController::Base def map_layout policy = request.content_security_policy.clone - policy.child_src(*policy.child_src, "http://127.0.0.1:8111", "https://127.0.0.1:8112") - policy.frame_src(*policy.frame_src, "http://127.0.0.1:8111", "https://127.0.0.1:8112") - policy.connect_src(*policy.connect_src, Settings.nominatim_url, Settings.overpass_url, Settings.fossgis_osrm_url, Settings.graphhopper_url, Settings.fossgis_valhalla_url) + policy.connect_src(*policy.connect_src, "http://127.0.0.1:8111", Settings.nominatim_url, Settings.overpass_url, Settings.fossgis_osrm_url, Settings.graphhopper_url, Settings.fossgis_valhalla_url) policy.form_action(*policy.form_action, "render.openstreetmap.org") policy.style_src(*policy.style_src, :unsafe_inline)