cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Improve the content security policy

Browse source
This commit is contained in:
Tom Hughes 2017-03-01 22:38:24 +00:00
parent d7b4f88d5e
commit c5ef6404f5
4 changed files with 8 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

3
app/controllers/application_controller.rb
View file

@ -410,7 +410,8 @@ class ApplicationController < ActionController::Base
def map_layout
append_content_security_policy_directives(
:connect_src => %w(nominatim.openstreetmap.org overpass-api.de router.project-osrm.org valhalla.mapzen.com),
:script_src => %w(graphhopper.com open.mapquestapi.com)
:script_src => %w(graphhopper.com open.mapquestapi.com),
:img_src => %w(developer.mapquest.com)
)
request.xhr? ? "xhr" : "map"

3
app/controllers/site_controller.rb
View file

@ -72,7 +72,8 @@ class SiteController < ApplicationController
if editor == "potlatch" || editor == "potlatch2"
append_content_security_policy_directives(
:object_src => %w(*),
:plugin_types => %w(application/x-shockwave-flash)
:plugin_types => %w(application/x-shockwave-flash),
:script_src => %w('unsafe-inline')
)
end