X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/84765f2e6de42bc188139cfa9fae77a233df2d68..d877cd1ebc3a1949d458de7c110ae2e7293fd445:/app/controllers/application_controller.rb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index cc006c19c..25c430f1c 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -20,8 +20,8 @@ class ApplicationController < ActionController::Base helper_method :oauth_token def self.allow_thirdparty_images(**options) - content_security_policy(options) do |policy| - policy.img_src("*") + content_security_policy(**options) do |policy| + policy.img_src("*", :data) end end @@ -56,11 +56,11 @@ class ApplicationController < ActionController::Base # don't allow access to any auth-requiring part of the site unless # the new CTs have been seen (and accept/decline chosen). elsif !current_user.terms_seen && flash[:skip_terms].nil? - flash[:notice] = t "users.terms.you need to accept or decline" + flash[:notice] = t "accounts.terms.show.you need to accept or decline" if params[:referer] - redirect_to :controller => "users", :action => "terms", :referer => params[:referer] + redirect_to account_terms_path(:referer => params[:referer]) else - redirect_to :controller => "users", :action => "terms", :referer => request.fullpath + redirect_to account_terms_path(:referer => request.fullpath) end end end @@ -215,21 +215,26 @@ class ApplicationController < ActionController::Base ## # wrap a web page in a timeout - def web_timeout(&block) - Timeout.timeout(Settings.web_timeout, &block) + def web_timeout(&) + raise Timeout::Error if Settings.web_timeout.negative? + + Timeout.timeout(Settings.web_timeout, &) rescue ActionView::Template::Error => e e = e.cause if e.is_a?(Timeout::Error) || (e.is_a?(ActiveRecord::StatementInvalid) && e.message.include?("execution expired")) - ActiveRecord::Base.connection.raw_connection.cancel - render :action => "timeout" + respond_to_timeout else raise end rescue Timeout::Error + respond_to_timeout + end + + def respond_to_timeout ActiveRecord::Base.connection.raw_connection.cancel - render :action => "timeout" + render :action => "timeout", :status => :gateway_timeout end ## @@ -248,9 +253,7 @@ class ApplicationController < ActionController::Base def map_layout policy = request.content_security_policy.clone - policy.child_src(*policy.child_src, "http://127.0.0.1:8111", "https://127.0.0.1:8112") - policy.frame_src(*policy.frame_src, "http://127.0.0.1:8111", "https://127.0.0.1:8112") - policy.connect_src(*policy.connect_src, Settings.nominatim_url, Settings.overpass_url, Settings.fossgis_osrm_url, Settings.graphhopper_url, Settings.fossgis_valhalla_url) + policy.connect_src(*policy.connect_src, "http://127.0.0.1:8111", Settings.nominatim_url, Settings.overpass_url, Settings.fossgis_osrm_url, Settings.graphhopper_url, Settings.fossgis_valhalla_url) policy.form_action(*policy.form_action, "render.openstreetmap.org") policy.style_src(*policy.style_src, :unsafe_inline) @@ -276,7 +279,15 @@ class ApplicationController < ActionController::Base end end - helper_method :preferred_editor + def preferred_color_scheme(subject) + if current_user + current_user.preferences.find_by(:k => "#{subject}.color_scheme")&.v || "auto" + else + "auto" + end + end + + helper_method :preferred_editor, :preferred_color_scheme def update_totp if Settings.key?(:totp_key) @@ -323,20 +334,6 @@ class ApplicationController < ActionController::Base end end - # extract authorisation credentials from headers, returns user = nil if none - def auth_data - if request.env.key? "X-HTTP_AUTHORIZATION" # where mod_rewrite might have put it - authdata = request.env["X-HTTP_AUTHORIZATION"].to_s.split - elsif request.env.key? "REDIRECT_X_HTTP_AUTHORIZATION" # mod_fcgi - authdata = request.env["REDIRECT_X_HTTP_AUTHORIZATION"].to_s.split - elsif request.env.key? "HTTP_AUTHORIZATION" # regular location - authdata = request.env["HTTP_AUTHORIZATION"].to_s.split - end - # only basic authentication supported - user, pass = Base64.decode64(authdata[1]).split(":", 2) if authdata && authdata[0] == "Basic" - [user, pass] - end - # clean any referer parameter def safe_referer(referer) begin