X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/30756f72ca2e3db095d00bc3b90bb3e47ca4ab6f..c356e670ce210cafaf9a191a7323e6c67722bee6:/app/controllers/application_controller.rb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 3afb17f47..db4ae9ad3 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -4,6 +4,7 @@ class ApplicationController < ActionController::Base protect_from_forgery :with => :exception before_action :fetch_body + around_action :better_errors_allow_inline, :if => proc { Rails.env.development? } attr_accessor :current_user helper_method :current_user @@ -455,6 +456,17 @@ class ApplicationController < ActionController::Base end end + def better_errors_allow_inline + yield + rescue StandardError + append_content_security_policy_directives( + :script_src => %w['unsafe-inline'], + :style_src => %w['unsafe-inline'] + ) + + raise + end + private # extract authorisation credentials from headers, returns user = nil if none