Merge remote-tracking branch 'upstream/pull/5469'

Tom Hughes 2025-01-05 16:14:18 +00:00
commit 3faf9a77f7
4 changed files with 6 additions and 2 deletions


@ -20,7 +20,7 @@ class ApplicationController < ActionController::Base
helper_method :oauth_token helper_method :oauth_token
def self.allow_thirdparty_images(**options) def self.allow_thirdparty_images(**options)
content_security_policy(options) do |policy| content_security_policy(**options) do |policy|
policy.img_src("*", :data) policy.img_src("*", :data)
end end
end end
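Review bot: `allow_thirdparty_images` has no comment saying what it relaxes, and the `policy.img_src("*", :data)` line inside it allows images from any origin plus `data:` URIs for every action it is applied to. Since the commit is touching how `options` reaches `content_security_policy`, this is a good place to document the scope, for example `# Widens img-src to any origin and data: URIs; always pass :only/:except so the relaxation covers only actions that need it.` Which actions actually need it is not visible here, so the wording should be confirmed against the callers. The class body continues outside the hunk.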


@ -13,7 +13,7 @@ class DiaryCommentsController < ApplicationController
before_action :lookup_user, :only => :index before_action :lookup_user, :only => :index
before_action :check_database_writable, :only => [:create, :hide, :unhide] before_action :check_database_writable, :only => [:create, :hide, :unhide]
allow_thirdparty_images :only => :index allow_thirdparty_images :only => [:index, :create]
def index def index
@title = t ".title", :user => @user.display_name @title = t ".title", :user => @user.display_name
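Review bot: The `allow_thirdparty_images :only => [:index, :create]` line gives no reason why `:create` needs the relaxed img-src, and that makes the list easy to break or to over-extend later. Judging by the test added in this commit, which checks the header on a response that renders `:new`, the reason is presumably that a rejected comment re-renders the entry page; a one-line comment such as `# create re-renders the entry page when the comment is rejected, so it needs the same img-src as index` would record that. The hunk does not show whether `hide` or `unhide` can render a page as well, so that is worth confirming. The `index` method continues outside the hunk.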


@ -104,6 +104,7 @@ class DiaryCommentsControllerTest < ActionDispatch::IntegrationTest
end end
assert_response :success assert_response :success
assert_template :new assert_template :new
assert_match(/img-src \* data:;/, @response.headers["Content-Security-Policy-Report-Only"])
# Now try again with the right id # Now try again with the right id
assert_difference "ActionMailer::Base.deliveries.size", entry.subscribers.count do assert_difference "ActionMailer::Base.deliveries.size", entry.subscribers.count do


@ -57,6 +57,8 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
get user_new_path, :params => { :cookie_test => "true" } get user_new_path, :params => { :cookie_test => "true" }
assert_response :success assert_response :success
assert_no_match(/img-src \* data:;/, @response.headers["Content-Security-Policy-Report-Only"])
assert_select "html", :count => 1 do assert_select "html", :count => 1 do
assert_select "head", :count => 1 do assert_select "head", :count => 1 do
assert_select "title", :text => /Sign Up/, :count => 1 assert_select "title", :text => /Sign Up/, :count => 1
@ -297,6 +299,7 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
get user_path(user) get user_path(user)
assert_response :success assert_response :success
assert_match(/img-src \* data:;/, @response.headers["Content-Security-Policy-Report-Only"])
assert_select "div.content-heading" do assert_select "div.content-heading" do
assert_select "a[href^='/user/#{ERB::Util.u(user.display_name)}/history']", 1 assert_select "a[href^='/user/#{ERB::Util.u(user.display_name)}/history']", 1
assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/traces']", 1 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/traces']", 1
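Review bot: The `assert_no_match` added after `get user_new_path` also passes when the `Content-Security-Policy-Report-Only` header is missing altogether, because the pattern does not match `nil`; in that case the check says nothing about the sign-up page's img-src. Asserting the header first, e.g. `assert_not_nil @response.headers["Content-Security-Policy-Report-Only"]`, keeps the negative check meaningful if the policy is ever sent under the enforcing `Content-Security-Policy` header instead. The same header name and pattern are repeated in the second hunk of this file and in DiaryCommentsControllerTest, so a small shared test helper would keep the three assertions in step. Both test methods start and end outside the hunks.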