X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/30756f72ca2e3db095d00bc3b90bb3e47ca4ab6f..d5e6acaaceb5e74a76369bdfb9413d26ba99e721:/app/controllers/application_controller.rb

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 3afb17f47..f35493b26 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -4,6 +4,7 @@ class ApplicationController < ActionController::Base
   protect_from_forgery :with => :exception
 
   before_action :fetch_body
+  around_action :better_errors_allow_inline, :if => proc { Rails.env.development? }
 
   attr_accessor :current_user
   helper_method :current_user
@@ -282,8 +283,7 @@ class ApplicationController < ActionController::Base
     # TODO: some sort of escaping of problem characters in the message
     response.headers["Error"] = message
 
-    if request.headers["X-Error-Format"] &&
-       request.headers["X-Error-Format"].casecmp("xml").zero?
+    if request.headers["X-Error-Format"]&.casecmp("xml")&.zero?
       result = OSM::API.new.get_xml_doc
       result.root.name = "osmError"
       result.root << (XML::Node.new("status") << "#{Rack::Utils.status_code(status)} #{Rack::Utils::HTTP_STATUS_CODES[status]}")
@@ -309,7 +309,7 @@ class ApplicationController < ActionController::Base
   helper_method :preferred_languages
 
   def set_locale(reset = false)
-    if current_user && current_user.languages.empty? && !http_accept_language.user_preferred_languages.empty?
+    if current_user&.languages&.empty? && !http_accept_language.user_preferred_languages.empty?
       current_user.languages = http_accept_language.user_preferred_languages
       current_user.save
     end
@@ -434,7 +434,7 @@ class ApplicationController < ActionController::Base
   def preferred_editor
     editor = if params[:editor]
                params[:editor]
-             elsif current_user && current_user.preferred_editor
+             elsif current_user&.preferred_editor
                current_user.preferred_editor
              else
                DEFAULT_EDITOR
@@ -455,6 +455,17 @@ class ApplicationController < ActionController::Base
     end
   end
 
+  def better_errors_allow_inline
+    yield
+  rescue StandardError
+    append_content_security_policy_directives(
+      :script_src => %w['unsafe-inline'],
+      :style_src => %w['unsafe-inline']
+    )
+
+    raise
+  end
+
   private
 
   # extract authorisation credentials from headers, returns user = nil if none