X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/3fd083d9d4f3c266ad9bc8bbf337f44c184d15a2..414c4b2c36bc78ece037e30bf8139b129abcd280:/app/controllers/application_controller.rb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 6c6a087b7..38758e1df 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -393,6 +393,7 @@ class ApplicationController < ActionController::Base :frame_src => %w[http://127.0.0.1:8111 https://127.0.0.1:8112], :connect_src => [NOMINATIM_URL, OVERPASS_URL, OSRM_URL, GRAPHHOPPER_URL], :form_action => %w[render.openstreetmap.org], + :style_src => %w['unsafe-inline'], :script_src => [MAPQUEST_DIRECTIONS_URL], :img_src => %w[developer.mapquest.com] ) @@ -446,9 +447,9 @@ class ApplicationController < ActionController::Base end def current_ability - # Add in capabilities from the oauth token if it exists and is a valid access token + # Use capabilities from the oauth token if it exists and is a valid access token if Authenticator.new(self, [:token]).allow? - Ability.new(current_user).merge(Capability.new(current_token)) + Ability.new(nil).merge(Capability.new(current_token)) else Ability.new(current_user) end