X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/981e4a34b5d5ea1c1e3da1518697e2cf5e6ab0b3..1e30edba53f179fb06a1233b245252d1d5a8ead1:/app/controllers/application_controller.rb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 0411f75c4..38758e1df 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -393,6 +393,7 @@ class ApplicationController < ActionController::Base :frame_src => %w[http://127.0.0.1:8111 https://127.0.0.1:8112], :connect_src => [NOMINATIM_URL, OVERPASS_URL, OSRM_URL, GRAPHHOPPER_URL], :form_action => %w[render.openstreetmap.org], + :style_src => %w['unsafe-inline'], :script_src => [MAPQUEST_DIRECTIONS_URL], :img_src => %w[developer.mapquest.com] ) @@ -448,7 +449,7 @@ class ApplicationController < ActionController::Base def current_ability # Use capabilities from the oauth token if it exists and is a valid access token if Authenticator.new(self, [:token]).allow? - Capability.new(current_token) + Ability.new(nil).merge(Capability.new(current_token)) else Ability.new(current_user) end