]>
git.openstreetmap.org Git - rails.git/log
Tom Hughes [Thu, 30 May 2024 15:22:38 +0000 (16:22 +0100)]
Merge remote-tracking branch 'upstream/pull/4857'
Tom Hughes [Thu, 30 May 2024 15:20:54 +0000 (16:20 +0100)]
Merge remote-tracking branch 'upstream/pull/4847'
translatewiki.net [Thu, 30 May 2024 12:23:28 +0000 (14:23 +0200)]
Localisation updates from https://translatewiki.net.
Nenad Vujicic [Wed, 29 May 2024 09:32:48 +0000 (11:32 +0200)]
Fixed "or divider" issue described in #4773 by adding mb-2 below "or" divider
Milan Cvetkovic [Mon, 27 May 2024 14:40:53 +0000 (14:40 +0000)]
Social sign-in: avoid re-authorization in `users_controller#create`
It does not add any additional guards against malicious users:
Malicious user may attempt to invoke `POST /users/new` with bogus
values for `auth_provider` and `auth_uid` resulting
with a new account to which user would have a way to login, other than
sending a password reset request.
In some cases, re-authorization would introduce additional
"Please login to your social account", or "Are you sure you want to be logged in"
popup triggered by identity provider.
This PR removes the re-authorization request from `POST /users/new` in authorization flow.
Tom Hughes [Wed, 29 May 2024 18:18:23 +0000 (19:18 +0100)]
Merge remote-tracking branch 'upstream/pull/4860'
Andy Allan [Wed, 29 May 2024 17:49:30 +0000 (18:49 +0100)]
Re-enable autocomplete for passwords
Regression for
c4347c8d9a10bf5c141ad7d355594b93e20545f6
Thankfully browsers ignore this for login fields, but it shouldn't
be turned off anyway.
Andy Allan [Wed, 29 May 2024 17:48:01 +0000 (18:48 +0100)]
Re-enable translations for password field
Fixes regression introduced in
c4347c8d9a10bf5c141ad7d355594b93e20545f6
Tom Hughes [Wed, 29 May 2024 17:47:04 +0000 (18:47 +0100)]
Merge remote-tracking branch 'upstream/pull/4859'
Tom Hughes [Wed, 29 May 2024 16:58:21 +0000 (17:58 +0100)]
Merge remote-tracking branch 'upstream/pull/4853'
Tom Hughes [Wed, 29 May 2024 16:52:40 +0000 (17:52 +0100)]
Merge remote-tracking branch 'upstream/pull/4849'
Andy Allan [Wed, 29 May 2024 13:54:16 +0000 (14:54 +0100)]
Move check_api_readable to api_controller
It's easier to skip the check in the two places that we need to, and
include it by default everywhere else.
Andy Allan [Wed, 29 May 2024 13:45:35 +0000 (14:45 +0100)]
Test the versions and capabilities api in various statuses
These both need to keep working, even when the rest of the api is
unavailable, since that's how we communicate that status with the
api clients.
Andy Allan [Wed, 29 May 2024 13:33:20 +0000 (14:33 +0100)]
Standardise on avoiding except lists for check_api_readable
Although this is technically duplicative, it's much easier to read
and therefore to maintain, particularly if you put the _readable one
first.
Andy Allan [Wed, 29 May 2024 13:50:48 +0000 (14:50 +0100)]
Remove duplicate database status checks
These are already done as part of the api checks
Andy Allan [Wed, 29 May 2024 13:32:12 +0000 (14:32 +0100)]
Add api_status checks for user preferences API
Andy Allan [Wed, 29 May 2024 12:14:10 +0000 (13:14 +0100)]
Merge pull request #4856 from tyrasd/patch-2
reintroduce unsafe-eval CSP rule for iD (Mapillary layer)
Martin Raifer [Wed, 29 May 2024 09:26:08 +0000 (11:26 +0200)]
reintroduce unsafe-eval CSP rule for iD
fixes https://github.com/openstreetmap/iD/issues/10265
Nenad Vujicic [Mon, 27 May 2024 13:21:15 +0000 (15:21 +0200)]
Fixed "auth_button_preferred alignment" issue described in #4773
dependabot[bot] [Tue, 28 May 2024 23:29:15 +0000 (23:29 +0000)]
Bump osm-community-index from 5.7.0 to 5.7.1
Bumps [osm-community-index](https://github.com/osmlab/osm-community-index) from 5.7.0 to 5.7.1.
- [Release notes](https://github.com/osmlab/osm-community-index/releases)
- [Changelog](https://github.com/osmlab/osm-community-index/blob/main/CHANGELOG.md)
- [Commits](https://github.com/osmlab/osm-community-index/compare/v5.7.0...v5.7.1)
---
updated-dependencies:
- dependency-name: osm-community-index
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Tom Hughes [Tue, 28 May 2024 16:39:33 +0000 (17:39 +0100)]
Fix new rubocop warnings
Tom Hughes [Tue, 28 May 2024 16:30:50 +0000 (17:30 +0100)]
Update bundle
Tom Hughes [Tue, 28 May 2024 07:15:49 +0000 (08:15 +0100)]
Merge remote-tracking branch 'upstream/pull/4848'
Dimitar [Tue, 28 May 2024 07:12:31 +0000 (10:12 +0300)]
Added gps.tile.openstreetmap.org as allowed source for images
Resolves #4845
Tom Hughes [Mon, 27 May 2024 14:11:16 +0000 (15:11 +0100)]
Merge remote-tracking branch 'upstream/pull/4842'
Tom Hughes [Mon, 27 May 2024 14:05:43 +0000 (15:05 +0100)]
Merge remote-tracking branch 'upstream/pull/4828'
Tom Hughes [Mon, 27 May 2024 14:00:51 +0000 (15:00 +0100)]
Merge remote-tracking branch 'upstream/pull/4846'
Milan Cvetkovic [Mon, 27 May 2024 12:38:06 +0000 (12:38 +0000)]
Add proper referrer for authorization scenario
Fixes the following:
- `users_controller#new` loses referer in authorization scenario, when it was invoked after social signup succeded
- the second invocation of `auth_success`, triggered by re-authorization initiated from `users_controller#create`
does not have referrer field set
- as a result, the final welcome screen does not offer final authorization, and drops into ID instead
Introduced by #4758.
translatewiki.net [Mon, 27 May 2024 12:17:16 +0000 (14:17 +0200)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Mon, 27 May 2024 09:52:32 +0000 (10:52 +0100)]
Merge remote-tracking branch 'upstream/pull/4844'
Tom Hughes [Mon, 27 May 2024 09:48:30 +0000 (10:48 +0100)]
Merge remote-tracking branch 'upstream/pull/4838'
Tom Hughes [Mon, 27 May 2024 09:46:38 +0000 (10:46 +0100)]
Merge remote-tracking branch 'upstream/pull/4837'
Tom Hughes [Mon, 27 May 2024 09:44:26 +0000 (10:44 +0100)]
Merge remote-tracking branch 'upstream/pull/4836'
Tom Hughes [Mon, 27 May 2024 09:42:50 +0000 (10:42 +0100)]
Merge remote-tracking branch 'upstream/pull/4835'
Tom Hughes [Mon, 27 May 2024 09:33:34 +0000 (10:33 +0100)]
Merge remote-tracking branch 'upstream/pull/4841'
Tom Hughes [Mon, 27 May 2024 09:31:33 +0000 (10:31 +0100)]
Merge remote-tracking branch 'upstream/pull/4840'
Anton Khorev [Mon, 27 May 2024 01:20:39 +0000 (04:20 +0300)]
Replace png directions icon with inline svg
Anton Khorev [Sun, 26 May 2024 22:59:32 +0000 (01:59 +0300)]
Truncate username in user menu
Anton Khorev [Fri, 24 May 2024 17:04:53 +0000 (20:04 +0300)]
Adjust vertical alignment of user button contents
Anton Khorev [Fri, 24 May 2024 16:48:46 +0000 (19:48 +0300)]
Increase secondary nav item padding to compensate removed whitespace
Anton Khorev [Fri, 24 May 2024 16:41:55 +0000 (19:41 +0300)]
Use Bootstrap .nav in secondary header navigation
Martin Raifer [Sun, 26 May 2024 13:24:57 +0000 (15:24 +0200)]
update script-src CSP rules for iD
Martin Raifer [Sun, 26 May 2024 12:26:31 +0000 (14:26 +0200)]
allow data URIs for images in iD
Anton Khorev [Sun, 26 May 2024 03:28:19 +0000 (06:28 +0300)]
Remove unused #container css
Anton Khorev [Sun, 26 May 2024 02:38:27 +0000 (05:38 +0300)]
Replace .btn-wrapper with Bootstrap gutters/gaps
Anton Khorev [Sun, 26 May 2024 02:08:11 +0000 (05:08 +0300)]
Remove unused .browse_status css class
Anton Khorev [Sun, 26 May 2024 01:51:42 +0000 (04:51 +0300)]
Remove custom css from "Load Data" button
Tom Hughes [Sat, 25 May 2024 13:43:04 +0000 (14:43 +0100)]
Merge remote-tracking branch 'upstream/pull/4832'
Tom Hughes [Sat, 25 May 2024 13:31:44 +0000 (14:31 +0100)]
Merge remote-tracking branch 'upstream/pull/4833'
Tom Hughes [Sat, 25 May 2024 13:30:06 +0000 (14:30 +0100)]
Merge remote-tracking branch 'upstream/pull/4829'
Tom Hughes [Sat, 25 May 2024 13:27:27 +0000 (14:27 +0100)]
Merge remote-tracking branch 'upstream/pull/4831'
Tom Hughes [Sat, 25 May 2024 13:27:21 +0000 (14:27 +0100)]
Merge remote-tracking branch 'upstream/pull/4830'
Anton Khorev [Sat, 25 May 2024 02:07:24 +0000 (05:07 +0300)]
Remove custom css from note descriptions
Anton Khorev [Sat, 25 May 2024 01:47:32 +0000 (04:47 +0300)]
Remove custom css from "Enable overlays" text
dependabot[bot] [Fri, 24 May 2024 23:50:16 +0000 (23:50 +0000)]
Bump osm-community-index from 5.6.3 to 5.7.0
Bumps [osm-community-index](https://github.com/osmlab/osm-community-index) from 5.6.3 to 5.7.0.
- [Release notes](https://github.com/osmlab/osm-community-index/releases)
- [Changelog](https://github.com/osmlab/osm-community-index/blob/main/CHANGELOG.md)
- [Commits](https://github.com/osmlab/osm-community-index/compare/v5.6.3...v5.7.0)
---
updated-dependencies:
- dependency-name: osm-community-index
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] [Fri, 24 May 2024 23:50:07 +0000 (23:50 +0000)]
Bump leaflet.locatecontrol from 0.81.0 to 0.81.1
Bumps [leaflet.locatecontrol](https://github.com/domoritz/leaflet-locatecontrol) from 0.81.0 to 0.81.1.
- [Changelog](https://github.com/domoritz/leaflet-locatecontrol/blob/gh-pages/CHANGELOG.md)
- [Commits](https://github.com/domoritz/leaflet-locatecontrol/compare/v0.81.0...v0.81.1)
---
updated-dependencies:
- dependency-name: leaflet.locatecontrol
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Anton Khorev [Fri, 24 May 2024 18:18:27 +0000 (21:18 +0300)]
Keep header h1 height equal to default header height
Anton Khorev [Fri, 24 May 2024 17:04:53 +0000 (20:04 +0300)]
Adjust vertical alignment of user button contents
Anton Khorev [Fri, 24 May 2024 16:48:46 +0000 (19:48 +0300)]
Increase secondary nav item padding to compensate removed whitespace
Anton Khorev [Fri, 24 May 2024 16:41:55 +0000 (19:41 +0300)]
Use Bootstrap .nav in secondary header navigation
Tom Hughes [Fri, 24 May 2024 10:59:52 +0000 (11:59 +0100)]
Merge remote-tracking branch 'upstream/pull/4826'
Nenad Vujicic [Thu, 23 May 2024 14:26:19 +0000 (16:26 +0200)]
Fixed "Tab alignment" issue described in #4773
Fixed "Tab alignment" for "Sign up" button issue described in #4773 and #4826
Tom Hughes [Fri, 24 May 2024 10:10:03 +0000 (11:10 +0100)]
Merge remote-tracking branch 'upstream/pull/4826'
Nenad Vujicic [Fri, 24 May 2024 09:44:33 +0000 (11:44 +0200)]
Fixed "Tab alignment" for "Sign up" button issue described in #4773 and #4826
Nenad Vujicic [Thu, 23 May 2024 14:26:19 +0000 (16:26 +0200)]
Fixed "Tab alignment" issue described in #4773
Tom Hughes [Thu, 23 May 2024 17:25:29 +0000 (18:25 +0100)]
Merge remote-tracking branch 'upstream/pull/4827'
Nenad Vujicic [Thu, 23 May 2024 15:02:44 +0000 (17:02 +0200)]
Fixed "Top menu buttons" issue mentioned in the #4773
translatewiki.net [Thu, 23 May 2024 12:19:37 +0000 (14:19 +0200)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Wed, 22 May 2024 17:37:01 +0000 (18:37 +0100)]
Merge remote-tracking branch 'upstream/pull/4823'
Andy Allan [Wed, 22 May 2024 15:54:18 +0000 (16:54 +0100)]
Merge pull request #4627 from tomhughes/security-policy
Switch to using rails builtin content security policy support
Tom Hughes [Thu, 21 Mar 2024 20:32:12 +0000 (20:32 +0000)]
Switch to using rails builtin content security policy support
Andy Allan [Wed, 22 May 2024 11:32:38 +0000 (12:32 +0100)]
Merge pull request #4756 from tomhughes/text-muted
Replace deprecated text-muted class with text-body-secondary
Andy Allan [Wed, 22 May 2024 11:09:31 +0000 (12:09 +0100)]
Merge pull request #4758 from tomhughes/login-referer
Stop using the session to persist the referer during login
Andy Allan [Wed, 22 May 2024 11:06:38 +0000 (12:06 +0100)]
Merge pull request #4816 from tomhughes/login-focus
Make the login and signup screens focus on the first input
Tom Hughes [Mon, 6 May 2024 08:49:51 +0000 (09:49 +0100)]
Replace deprecated text-muted class with text-body-secondary
Andy Allan [Wed, 22 May 2024 09:54:32 +0000 (10:54 +0100)]
Merge pull request #4824 from AntonKhorev/no-user-button
Remove unnecessary user menu wrapper
Anton Khorev [Tue, 21 May 2024 22:38:21 +0000 (01:38 +0300)]
Remove unnecessary user menu wrapper
Anton Khorev [Tue, 21 May 2024 17:43:55 +0000 (20:43 +0300)]
Use .icon-link to align logo
Tom Hughes [Tue, 21 May 2024 17:34:52 +0000 (18:34 +0100)]
Merge remote-tracking branch 'upstream/pull/4822'
Tom Hughes [Tue, 21 May 2024 17:29:06 +0000 (18:29 +0100)]
Drop bogus html.dir from ne locale
Tom Hughes [Tue, 21 May 2024 17:21:56 +0000 (18:21 +0100)]
Fix new rubocop warnings
Tom Hughes [Tue, 21 May 2024 17:06:06 +0000 (18:06 +0100)]
Update bundle
Anton Khorev [Tue, 21 May 2024 16:57:16 +0000 (19:57 +0300)]
Remove inbox template and anchor id
translatewiki.net [Mon, 20 May 2024 12:14:53 +0000 (14:14 +0200)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Sun, 19 May 2024 18:37:30 +0000 (19:37 +0100)]
Make the login and signup screens focus on the first input
Fixes #4814
Tom Hughes [Sun, 19 May 2024 18:21:45 +0000 (19:21 +0100)]
Merge remote-tracking branch 'upstream/pull/4795'
Tom Hughes [Sun, 19 May 2024 17:58:46 +0000 (18:58 +0100)]
Merge remote-tracking branch 'upstream/pull/4812'
Tom Hughes [Sun, 19 May 2024 17:50:15 +0000 (18:50 +0100)]
Merge remote-tracking branch 'upstream/pull/4811'
Tom Hughes [Sun, 19 May 2024 17:47:56 +0000 (18:47 +0100)]
Merge remote-tracking branch 'upstream/pull/4810'
Tom Hughes [Sun, 19 May 2024 17:46:58 +0000 (18:46 +0100)]
Merge remote-tracking branch 'upstream/pull/4808'
Tom Hughes [Sun, 19 May 2024 17:40:46 +0000 (18:40 +0100)]
Merge remote-tracking branch 'upstream/pull/4809'
Tom Hughes [Sun, 19 May 2024 17:40:40 +0000 (18:40 +0100)]
Merge remote-tracking branch 'upstream/pull/4804'
Sabih S [Sat, 18 May 2024 09:56:29 +0000 (09:56 +0000)]
chore: typo
Sabih S [Sat, 18 May 2024 08:47:52 +0000 (08:47 +0000)]
chore: clarify email reply text
Anton Khorev [Sat, 18 May 2024 00:41:26 +0000 (03:41 +0300)]
Don't skip heading levels on "fixthemap" page
Anton Khorev [Sat, 18 May 2024 00:26:14 +0000 (03:26 +0300)]
Remove unused .button class
Anton Khorev [Sat, 18 May 2024 00:13:56 +0000 (03:13 +0300)]
Fix css section comments
Anton Khorev [Sat, 18 May 2024 00:11:04 +0000 (03:11 +0300)]
Set check/x display property using .d-block
Anton Khorev [Fri, 17 May 2024 23:49:21 +0000 (02:49 +0300)]
Remove font size class from "Start mapping" container
It doesn't affect the button font, only the spacing around.
Anton Khorev [Fri, 17 May 2024 23:42:55 +0000 (02:42 +0300)]
Remove .clearfix
Floats are no longer used on the welcome page.