Allow thirdparty images on failed diary comment saves

diff --git a/app/controllers/diary_comments_controller.rb b/app/controllers/diary_comments_controller.rb
index f6597cf4c0fac1f74fa69a2c12b9851fdc6ab4ad..676bc22a66a10306f1fc8c5f7628d40c5e7baee5 100644 (file)
--- a/app/controllers/diary_comments_controller.rb
+++ b/app/controllers/diary_comments_controller.rb
@@ -13,7 +13,7 @@ class DiaryCommentsController < ApplicationController
   before_action :lookup_user, :only => :index
   before_action :check_database_writable, :only => [:create, :hide, :unhide]
 
-  allow_thirdparty_images :only => :index
+  allow_thirdparty_images :only => [:index, :create]
 
   def index
     @title = t ".title", :user => @user.display_name

diff --git a/test/controllers/diary_comments_controller_test.rb b/test/controllers/diary_comments_controller_test.rb
index 65a71a9b57b05d8f4eda9c53a4f535d143d270b5..3ea9bc09400d5334d3a80044d68089736591b427 100644 (file)
--- a/test/controllers/diary_comments_controller_test.rb
+++ b/test/controllers/diary_comments_controller_test.rb
@@ -104,6 +104,7 @@ class DiaryCommentsControllerTest < ActionDispatch::IntegrationTest
     end
     assert_response :success
     assert_template :new
+    assert_match(/img-src \* data:;/, @response.headers["Content-Security-Policy-Report-Only"])
 
     # Now try again with the right id
     assert_difference "ActionMailer::Base.deliveries.size", entry.subscribers.count do