append_content_security_policy_directives(
:connect_src => %w[*],
:img_src => %w[* blob:],
- :script_src => %w[dev.virtualearth.net 'unsafe-eval']
+ :script_src => %w[dev.virtualearth.net *.wikipedia.org www.wikidata.org 'unsafe-eval']
)
render "id", :layout => false
match "/message/new/:display_name" => "messages#new", :via => [:get, :post], :as => "new_message"
get "/message/read/:message_id" => "messages#show", :as => "message"
post "/message/mark/:message_id" => "messages#mark", :as => "mark_message"
- get "/message/reply/:message_id" => "messages#reply", :as => "reply_message"
+ match "/message/reply/:message_id" => "messages#reply", :via => [:get, :post], :as => "reply_message"
post "/message/delete/:message_id" => "messages#destroy", :as => "destroy_message"
# oauth admin pages (i.e: for setting up new clients, etc...)
{ :path => "/message/reply/1", :method => :get },
{ :controller => "messages", :action => "reply", :message_id => "1" }
)
+ assert_routing(
+ { :path => "/message/reply/1", :method => :post },
+ { :controller => "messages", :action => "reply", :message_id => "1" }
+ )
assert_routing(
{ :path => "/message/delete/1", :method => :post },
{ :controller => "messages", :action => "destroy", :message_id => "1" }