X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/e31376e28da8f656e33508cc899da465b63673c5..e0faf6843746464d85a0cfbfc071226c2d62148d:/app/controllers/application_controller.rb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 68fc4338e..db5d086ec 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -346,7 +346,7 @@ class ApplicationController < ActionController::Base # or raises a suitable error. +method+ should be a symbol, e.g: :put or :get. def assert_method(method) ok = request.send((method.to_s.downcase + "?").to_sym) - raise OSM::APIBadMethodError.new(method) unless ok + raise OSM::APIBadMethodError, method unless ok end ## @@ -366,7 +366,7 @@ class ApplicationController < ActionController::Base yield end rescue ActionView::Template::Error => ex - ex = ex.original_exception + ex = ex.cause if ex.is_a?(Timeout::Error) || (ex.is_a?(ActiveRecord::StatementInvalid) && ex.message =~ /execution expired/) @@ -413,7 +413,9 @@ class ApplicationController < ActionController::Base def map_layout append_content_security_policy_directives( + :child_src => %w[127.0.0.1:8111 127.0.0.1:8112], :connect_src => %w[nominatim.openstreetmap.org overpass-api.de router.project-osrm.org valhalla.mapzen.com], + :form_action => %w[render.openstreetmap.org], :script_src => %w[graphhopper.com open.mapquestapi.com], :img_src => %w[developer.mapquest.com] ) @@ -427,6 +429,10 @@ class ApplicationController < ActionController::Base request.xhr? ? "xhr" : "map" end + def allow_thirdparty_images + append_content_security_policy_directives(:img_src => %w[*]) + end + def preferred_editor editor = if params[:editor] params[:editor]