X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/f0b2ed9bb6c1e153231b8088eabe6e3edcee9420..effb1b7f4170bb7244c4dfffcbe6134fe00e2bc4:/app/controllers/user_controller.rb diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index e25d3c8b6..5c41a79dc 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -18,6 +18,7 @@ class UserController < ApplicationController around_action :api_call_handle_error, :only => [:api_read, :api_details, :api_gpx_files] before_action :lookup_user_by_id, :only => [:api_read] before_action :lookup_user_by_name, :only => [:set_status, :delete] + before_action :allow_thirdparty_images, :only => [:view, :account] def terms @legale = params[:legale] || OSM.ip_to_country(request.remote_ip) || DEFAULT_LEGALE @@ -202,6 +203,10 @@ class UserController < ApplicationController @title = t "user.new.title" @referer = params[:referer] || session[:referer] + append_content_security_policy_directives( + :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org] + ) + if current_user # The user is logged in already, so don't show them the signup # page, instead send them to the home page