Commit graph

100 commits

Author SHA1 Message Date
Tom Hughes
0ff89c31e4 Remove both Potlatch versions
Fixes #2622
2021-01-05 21:18:45 +00:00
Tom Hughes
d4130bcac8 Fix the Redirect warnings from Brakeman
Unfortunately I've had to leave the check disabled as Brakeman
can't see inside the safe_referer method so doesn't realise that
it is cleaning the referer.
2020-07-22 19:23:46 +01:00
Tom Hughes
66ec3cd845 Add blob to frame-src in CSP for iD
Fixes #2582
Closes #2583
2020-04-09 18:43:12 +01:00
Tom Hughes
3426976606 Merge remote-tracking branch 'upstream/pull/2444' 2019-12-30 22:34:24 +00:00
Tom Hughes
ac6a872a48 Avoid errors when /edit is called on an invalid object 2019-12-16 21:23:09 +00:00
Mayank Tankhiwale
9f7ec064e4 Fix #2402
1. Modified about routes
2. Accept the new params in site#about
3. Update about.html.erb
2019-11-23 20:26:19 +05:30
Andy Allan
f77d4dc4f7 Avoid stating the action to render when it just matches the current action 2019-06-26 14:50:35 +02:00
Tom Hughes
141df02e67 Move status into the settings object
Only the very early boot code needs to look at the value
from the environment directly.
2019-03-17 11:15:34 +00:00
Tom Hughes
15c96081a6 Allow connect_src to match all sites in Potlatch
It seems that Safari matches connections made from a flash application
against connect_src while Firefox uses object_src instead.

Fixes #2067
2018-11-19 17:34:47 +00:00
Andy Allan
fb2c1f6cfd Refactor site#welcome to use abilities instead of require_user 2018-10-10 11:49:45 +02:00
Andy Allan
420a7289a0 Merge branch 'authz' of https://github.com/rubyforgood/openstreetmap-website into rubyforgood-authz 2018-10-10 11:26:30 +02:00
Tom Hughes
640ea955fe Remove script sources which are no longer needed by iD 2018-07-26 17:44:16 +01:00
Chris Flipse
b16aa11f65 fix tests for site controller 2018-06-17 13:56:23 -04:00
Andy Allan
ffa65d4d72 Add cancancan and the first ability definitions for site_controller 2018-06-17 13:56:23 -04:00
Tom Hughes
a516d13d33 Allow iD to access ESRI imagery metadata 2018-06-06 14:25:52 +01:00
Tom Hughes
c5d3335a6c Allow inline styles in iD 2018-05-18 20:28:09 +01:00
Tom Hughes
9227f6aecd Allow iD to access wikidata 2018-05-16 11:36:46 +01:00
Tom Hughes
8d41015673 Allow iD to access wikipedia 2018-05-16 08:48:38 +01:00
Tom Hughes
a83030dab7 Fix new rubocop warnings 2018-01-22 18:55:45 +00:00
Tom Hughes
afa5d420d3 Allow iD to fetch gpx files from arbitrary locations 2017-11-24 08:38:51 +00:00
Tom Hughes
527ec293c2 Fix security policy for mapillary in iD 2017-11-24 01:09:27 +00:00
Tom Hughes
4950ae3c1f Allow iD to connect to nominatim 2017-11-24 00:10:38 +00:00
Tom Hughes
7ce94ad0ec Add openstreetcam.org to security policy for iD 2017-11-16 10:17:22 +00:00
Andy Allan
6f89da05d1 Use current_user to represent the currently logged in user.
This is already used by the oauth plugin, and is a general rails convention.
2017-07-12 16:10:50 +01:00
Tom Hughes
18c8946556 Use explicit to_unsafe_h method when converting parameters to a hash 2017-06-05 22:44:15 +01:00
Tom Hughes
2357118c46 Avoid using format as a URL parameter name
This prevents rails confusing it with the builtin format
parameter derived from the URL extension.
2017-06-03 12:08:35 +01:00
Tom Hughes
ff97501ed0 Remove all use of the :text option to render
It doesn't actually do what it says, as it sets the content type
to text/html not text/plain so is just confusing and as a result
has been deprecated in newer rails versions.
2017-06-02 19:12:05 +01:00
Tom Hughes
5b33f3f8e3 Fix rubocop warnings 2017-06-02 00:08:30 +01:00
Tom Hughes
c5ef6404f5 Improve the content security policy 2017-03-01 22:38:24 +00:00
Tom Hughes
40a8e5caf5 Add support for Content-Security-Policy
Currently this is report only, and disabled unless a report URL has
been set in the application configuration.
2017-02-26 19:48:13 +00:00
Tom Hughes
96c91757fc Don't try and look up traces until the user is logged in
Fixes #1411
2017-01-11 21:11:37 +00:00
Tom Hughes
777b19c775 Make export action send TOTP cookie 2017-01-02 22:51:18 +00:00
Tom Hughes
9a82ae069a Remove dot prefix from cookie domain 2017-01-02 21:33:58 +00:00
Tom Hughes
d83cc0f15b Reduce TOTP cookie expiry to one hour 2017-01-02 21:17:37 +00:00
Tom Hughes
17135cad03 Add support for generating TOTP cookies
This allows other sites in the openstreetmap.org domain to validate
that requests are coming from a www.openstreetmap.org user.
2017-01-02 19:01:01 +00:00
Tom Hughes
c8f26592a7 Fix rubocop warnings 2016-12-02 22:01:40 +00:00
Tom Hughes
dbe165bbb3 Fix some rubocop rails style issues 2015-02-26 00:12:54 +00:00
Tom Hughes
dc2a2c8ebd Standardise on double quoted strings 2015-02-20 19:47:26 +00:00
Tom Hughes
5cbd4038ed Fix rubocop style issues 2015-02-20 08:56:16 +00:00
Tom Hughes
ef7f3d800c Fix most auto-correctable rubocop issues 2015-02-20 08:56:16 +00:00
Tom Hughes
96e1665c01 Update to rails 4.1.6 2014-10-02 19:54:21 +01:00
Tom Hughes
c9e9ef1a89 Rewrite layer parameters in shortlinks correctly
Fixes #762
2014-06-17 21:15:36 +01:00
Tom Hughes
5a830b2845 Don't force a login to use a remote editor
Fixes #754
2014-06-15 11:00:49 +01:00
Tom Hughes
47841829d8 Improve redirection of shortlinks
If a shortlink includes an object reference then redirect to a new
style browse URL for that object.

Fixes #702
2014-02-15 12:42:52 +00:00
Tom Hughes
04ad0f6251 Do basic testing of all site controller methods 2013-12-07 17:21:17 +00:00
Tom Hughes
a51b4c869e Use the map layout when rendering index for a remote edit 2013-12-05 10:40:07 +00:00
Tom Hughes
50fafa14f8 Improve zoom level selection when invoking Potlatch on an object
When invoking Potlatch on a node/way/relation object we should
normally have valid location information in the map parameters, so
use any zoom which is there if possible, otherwise fall back to an
object type specific default value.

Fixes #605.
2013-12-03 15:06:34 +00:00
Tom Hughes
315d1dab54 Redirect /?query= to /search?query= 2013-11-30 12:38:44 +00:00
John Firebaugh
2b4f8e92c9 Merge branch 'master' into redesign
Conflicts:
	app/controllers/browse_controller.rb
	app/views/layouts/_head.html.erb
	config/environments/production.rb
	config/routes.rb
2013-11-15 16:47:49 -08:00
Tom Hughes
559a822f59 Setup OAuth when rendering site#index from site#edit 2013-10-31 20:52:43 +00:00