X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/3d79f9fd88ab2784b292c8eafc46070472b2a4c9..473aff084dca414d920cbd10e6615a358e93b0bb:/app/controllers/application_controller.rb

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5bfec4ab6..f6006fe5e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -20,8 +20,8 @@ class ApplicationController < ActionController::Base
   helper_method :oauth_token
 
   def self.allow_thirdparty_images(**options)
-    content_security_policy(options) do |policy|
-      policy.img_src("*")
+    content_security_policy(**options) do |policy|
+      policy.img_src("*", :data)
     end
   end
 
@@ -56,11 +56,11 @@ class ApplicationController < ActionController::Base
       # don't allow access to any auth-requiring part of the site unless
       # the new CTs have been seen (and accept/decline chosen).
       elsif !current_user.terms_seen && flash[:skip_terms].nil?
-        flash[:notice] = t "users.terms.you need to accept or decline"
+        flash[:notice] = t "accounts.terms.show.you need to accept or decline"
         if params[:referer]
-          redirect_to :controller => "users", :action => "terms", :referer => params[:referer]
+          redirect_to account_terms_path(:referer => params[:referer])
         else
-          redirect_to :controller => "users", :action => "terms", :referer => request.fullpath
+          redirect_to account_terms_path(:referer => request.fullpath)
         end
       end
     end
@@ -114,7 +114,7 @@ class ApplicationController < ActionController::Base
 
   def check_database_writable(need_api: false)
     if Settings.status == "database_offline" || Settings.status == "database_readonly" ||
-       (need_api && (Settings.status == "api_offline" || Settings.status == "api_readonly"))
+       (need_api && %w[api_offline api_readonly].include?(Settings.status))
       if request.xhr?
         report_error "Database offline for maintenance", :service_unavailable
       else
@@ -253,9 +253,7 @@ class ApplicationController < ActionController::Base
   def map_layout
     policy = request.content_security_policy.clone
 
-    policy.child_src(*policy.child_src, "http://127.0.0.1:8111", "https://127.0.0.1:8112")
-    policy.frame_src(*policy.frame_src, "http://127.0.0.1:8111", "https://127.0.0.1:8112")
-    policy.connect_src(*policy.connect_src, Settings.nominatim_url, Settings.overpass_url, Settings.fossgis_osrm_url, Settings.graphhopper_url, Settings.fossgis_valhalla_url)
+    policy.connect_src(*policy.connect_src, "http://127.0.0.1:8111", Settings.nominatim_url, Settings.overpass_url, Settings.fossgis_osrm_url, Settings.graphhopper_url, Settings.fossgis_valhalla_url)
     policy.form_action(*policy.form_action, "render.openstreetmap.org")
     policy.style_src(*policy.style_src, :unsafe_inline)
 
@@ -341,7 +339,7 @@ class ApplicationController < ActionController::Base
     begin
       referer = URI.parse(referer)
 
-      if referer.scheme == "http" || referer.scheme == "https"
+      if %w[http https].include?(referer.scheme)
         referer.scheme = nil
         referer.host = nil
         referer.port = nil