Commit graph

155 commits

Author SHA1 Message Date
Tom Hughes
22af018298 Update translation keys for renaming of user to users 2018-10-29 12:48:20 +00:00
Andy Allan
3ec67ea2d3 Rename user_controller to users_controller 2018-10-03 15:31:10 +02:00
Tom Hughes
64146b4f36 Fix Style/SafeNavigation rubocop warnings 2018-09-22 17:21:06 +01:00
Tom Hughes
727ee97a3f Allow inline javascript and CSS in better_errors pages 2018-06-17 11:33:51 +01:00
J Guthrie
30756f72ca Change language immediately after updating settings
Closes #1883
2018-05-27 15:12:34 +01:00
Peter Karich
1cea6b363a Use XHR instead of jsonp for GraphHopper
Closes #1872
2018-05-17 20:47:58 +01:00
Tom Hughes
50f85248db Use https to launch the remote editor except for modern browsers
Currently only Chrome 53+ and Firefox 55+ are known to support loading
of http resources from localhost for an https page.
2018-05-15 14:21:09 +01:00
Tom Hughes
79284a0fcd Add frame-src to allow http://127.0.0.1:8111 2018-05-15 12:43:37 +01:00
Tom Hughes
0e810db927 Make CSP rule for the remote control explicitly allow http 2018-05-13 16:01:39 +01:00
Andy Allan
7b2af50f4a Refactor @this_user to @user
Historically we used @user for the currently logged in user, but
this was changed to `current_user` in 2017.
2018-04-11 11:42:33 +08:00
Tom Hughes
1f2ac59d1d Fix new rubocop warnings 2018-03-26 19:00:03 +01:00
Tom Hughes
a83030dab7 Fix new rubocop warnings 2018-01-22 18:55:45 +00:00
Tom Hughes
9cf698322c Merge remote-tracking branch 'upstream/pull/1707' 2018-01-13 10:35:42 +00:00
Tom Hughes
9340c46173 Remove dependencies on mapzen services 2018-01-02 18:45:20 +00:00
Guillaume RISCHARD
ca36cf2826 Remove support for soon discontinued josm remote https endpoint 2017-12-16 16:15:52 +01:00
Tom Hughes
986779966b Extend form-action policies for Chrome
It seems that unlike other browsers Chrome requires that if a form
submission redirects that the redirected URL also match the form-action
policy rather than just requiring the original URL to match.
2017-11-25 12:04:02 +00:00
Tom Hughes
6a1a4a3f7d Fix remote editing security policy 2017-11-24 00:46:27 +00:00
Tom Hughes
2cd81daf34 Add security policy for remote control editing 2017-11-24 00:43:14 +00:00
Tom Hughes
bb116b85df Allow third party images in user content 2017-11-23 22:39:05 +00:00
Tom Hughes
cea455d390 Update for ActionView::Template::Error change 2017-10-27 19:25:49 +01:00
Tom Hughes
8dae890a76 Fix rubocop warnings 2017-10-05 19:18:38 +01:00
Tom Hughes
ebeea34670 Replace @user with @current_user
This ensures that we will find any more hidden references
to @user that might be hanging around...
2017-07-27 19:44:14 +01:00
Andy Allan
09ba878519 Convert @user to current_user 2017-07-27 10:31:31 +01:00
Andy Allan
c819bec8b7 Use a current_user helper for accessing the logged in user in all views. 2017-07-27 10:07:51 +01:00
Andy Allan
41000078b9 Convert remaining controller code to use current_user
The `self.current_user` is important when assigning to the current user,
to avoid creating a local variable called `current_user`
2017-07-27 10:07:51 +01:00
Tom Hughes
81deb35331 Update to rails 5.0.4 2017-06-27 08:26:44 +01:00
Tom Hughes
18c8946556 Use explicit to_unsafe_h method when converting parameters to a hash 2017-06-05 22:44:15 +01:00
Tom Hughes
ff97501ed0 Remove all use of the :text option to render
It doesn't actually do what it says, as it sets the content type
to text/html not text/plain so is just confusing and as a result
has been deprecated in newer rails versions.
2017-06-02 19:12:05 +01:00
Tom Hughes
5b33f3f8e3 Fix rubocop warnings 2017-06-02 00:08:30 +01:00
Tom Hughes
5cdb835de3 Show offline/readonly messages as normal flash messages 2017-03-10 16:30:04 +00:00
Tom Hughes
88d16deadd Detect a timeout encapsulated in ActionView::Template::Error
Fixes #1476
2017-03-06 17:50:09 +00:00
Tom Hughes
c5ef6404f5 Improve the content security policy 2017-03-01 22:38:24 +00:00
Tom Hughes
428e7d6baa Merge remote-tracking branch 'openstreetmap/pull/1467' 2017-02-26 22:22:48 +00:00
Simon Poole
12013f60a0 Externalize message about missing OAuth capabilities/permissions and make it less technical 2017-02-26 21:43:43 +01:00
Tom Hughes
40a8e5caf5 Add support for Content-Security-Policy
Currently this is report only, and disabled unless a report URL has
been set in the application configuration.
2017-02-26 19:48:13 +00:00
Tom Hughes
af72cb51e9 Fix rubocop warnings 2017-02-18 16:18:04 +00:00
Simon Poole
58c61c7962 Actually use user_block 2017-02-18 16:17:46 +01:00
Simon Poole
823f6b4d36 Add functionality to return a specific message for zero hour blocks 2017-02-18 13:53:21 +01:00
Tom Hughes
9fb382eaa9 Initialise locale before looking up user blocked error 2017-02-17 19:59:06 +00:00
Tom Hughes
777b19c775 Make export action send TOTP cookie 2017-01-02 22:51:18 +00:00
Tom Hughes
c8f26592a7 Fix rubocop warnings 2016-12-02 22:01:40 +00:00
Tom Hughes
ec6e096274 Remove redundant creation of an exception object 2016-12-02 09:38:18 +00:00
Matt Amos
8b03371e10 Make API and web roll back any open transactions on timeout
By default the exception thrown by Timeout::timeout is caught
using Kernel::catch so that it cannot be stopped by intermediate
exception handlers. The problem with that is that it stops any
database transactions that were in progress being rolled back
because they never see the exception.

Fortunately passing a class to Timeout::timeout changes its
behaviour so that the exception is thrown and caught in the normal
way, allowing the database transactions to rollback.
2016-12-02 09:31:45 +00:00
Tom Hughes
e17b89e89f Fix rubocop warnings 2016-10-20 22:35:51 +01:00
Tom Hughes
5d3ecffa28 Fix new rubocop warnings 2016-02-05 13:35:26 +00:00
Tom Hughes
8fe1899596 Fix rubocop warnings 2016-01-19 09:51:24 +00:00
Tom Hughes
4028f4cdb9 Rework locale selection
Implement our own matching algorithm rather than trying to
patch the http_accept_language one and make sure everything is
using it in a consistent way.

Fixes #1125
2016-01-06 18:43:25 +00:00
Bryan Housel
bd4de52c98 Support using iD on Internet Explorer 11 and above 2015-12-10 18:34:33 -08:00
Tom Hughes
c9d35839be Fix new rubocop warnings 2015-08-18 20:57:14 +01:00
Tom Hughes
21d60e359a Tests! 2015-03-04 21:49:43 +00:00