X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/41000078b9e0131d75ce610f148655fb7b32da73..ae4487921350e141efed42fdf7cd3fd70d72bc97:/app/controllers/application_controller.rb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index a809139ce..a51dad875 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -5,6 +5,9 @@ class ApplicationController < ActionController::Base before_action :fetch_body + attr_accessor :current_user + helper_method :current_user + def authorize_web if session[:user] self.current_user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first @@ -47,7 +50,7 @@ class ApplicationController < ActionController::Base end def require_oauth - @oauth = @user.access_token(OAUTH_KEY) if current_user && defined? OAUTH_KEY + @oauth = current_user.access_token(OAUTH_KEY) if current_user && defined? OAUTH_KEY end ## @@ -343,7 +346,7 @@ class ApplicationController < ActionController::Base # or raises a suitable error. +method+ should be a symbol, e.g: :put or :get. def assert_method(method) ok = request.send((method.to_s.downcase + "?").to_sym) - raise OSM::APIBadMethodError.new(method) unless ok + raise OSM::APIBadMethodError, method unless ok end ## @@ -363,7 +366,7 @@ class ApplicationController < ActionController::Base yield end rescue ActionView::Template::Error => ex - ex = ex.original_exception + ex = ex.cause if ex.is_a?(Timeout::Error) || (ex.is_a?(ActiveRecord::StatementInvalid) && ex.message =~ /execution expired/) @@ -410,7 +413,9 @@ class ApplicationController < ActionController::Base def map_layout append_content_security_policy_directives( - :connect_src => %w[nominatim.openstreetmap.org overpass-api.de router.project-osrm.org valhalla.mapzen.com], + :child_src => %w[127.0.0.1:8111], + :connect_src => %w[nominatim.openstreetmap.org overpass-api.de router.project-osrm.org], + :form_action => %w[render.openstreetmap.org], :script_src => %w[graphhopper.com open.mapquestapi.com], :img_src => %w[developer.mapquest.com] ) @@ -424,6 +429,10 @@ class ApplicationController < ActionController::Base request.xhr? ? "xhr" : "map" end + def allow_thirdparty_images + append_content_security_policy_directives(:img_src => %w[*]) + end + def preferred_editor editor = if params[:editor] params[:editor] @@ -466,16 +475,6 @@ class ApplicationController < ActionController::Base [user, pass] end - # used to get the current logged in user - def current_user - @user - end - - # used to set the current logged in user - def current_user=(user) - @user = user - end - # override to stop oauth plugin sending errors def invalid_oauth_response; end end