X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/c203edda20370bb1760a091356f334d342ccb25b..425f42dd8008d9962c7bee0cadfbdcf33e1f4f95:/app/controllers/application_controller.rb?ds=inline
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0411f75c4..38758e1df 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -393,6 +393,7 @@ class ApplicationController < ActionController::Base
 :frame_src => %w[http://127.0.0.1:8111 https://127.0.0.1:8112],
 :connect_src => [NOMINATIM_URL, OVERPASS_URL, OSRM_URL, GRAPHHOPPER_URL],
 :form_action => %w[render.openstreetmap.org],
+ :style_src => %w['unsafe-inline'],
 :script_src => [MAPQUEST_DIRECTIONS_URL],
 :img_src => %w[developer.mapquest.com]
 )
@@ -448,7 +449,7 @@ class ApplicationController < ActionController::Base
 def current_ability
 # Use capabilities from the oauth token if it exists and is a valid access token
 if Authenticator.new(self, [:token]).allow?
- Capability.new(current_token)
+ Ability.new(nil).merge(Capability.new(current_token))
 else
 Ability.new(current_user)
 end
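Review bot: The added `:style_src => %w['unsafe-inline']` entry allows every inline `<style>` element and `style=` attribute on any page that receives this override, and nothing in the hunk records why it is needed. That removes the style half of the CSP as a backstop against markup injection on those pages. I would add a comment above the entry along the lines of `# 'unsafe-inline' is required by <COMPONENT> inline styles; drop once they move to a stylesheet`, with the real component filled in. If only a few `<style>` blocks are involved, a nonce or hash source would be narrower than the blanket keyword. The enclosing call starts outside the hunk, so which pages it applies to is not visible here.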
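Review bot: The comment in `current_ability` still says the token's capabilities are used, but the new line `Ability.new(nil).merge(Capability.new(current_token))` merges them onto the anonymous-user abilities. Assuming `merge` is additive (as it is in CanCanCan), any rule later granted to a nil user in `Ability` will silently apply to every token-authenticated request regardless of the token's scopes. I would update the comment to something like `# Token requests get the anonymous abilities plus whatever the token's scopes grant`. A controller test asserting that a token without a given scope is still denied the matching action would pin that boundary. The method's closing `end` is outside the hunk.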