Commit graph

447 commits

Author SHA1 Message Date
Tom Hughes
f42a7a2d8d Make sanitize convert text alignment styles to bootstrap classes
The kramdown converter for markdown uses inline styles for table
column alignment which gets lost when we strip the styles so add
bootstrap classes to replace it.
2023-01-09 11:10:11 +00:00
Tom Hughes
6033359bd0 Preserve rel=me on links in rich text
Fixes #3859
2022-12-29 18:02:23 +00:00
Tom Hughes
23f73d0be0 Avoid duplicate initialisation warnings 2022-12-10 15:33:49 +00:00
Tom Hughes
8cef62cd2c Merge remote-tracking branch 'upstream/pull/3301' 2022-11-22 18:47:24 +00:00
Andy Allan
aab33eee87 Use rails 7.0 configuration defaults
All the entries in the new framework defaults were enabled a while
ago, apart from the cookies serializer which is already defined in
config/initializers/cookies_serializer.rb
2022-11-16 15:29:30 +00:00
Tom Hughes
5a28ff2901 Require multi_json for windowslive logins
The windowslive omniauth plugin needs multi_json but doesn't require
it and the omniauth core is no longer doing so.
2022-10-16 19:28:37 +01:00
Tom Hughes
00112700d7 Update doorkeeper to 5.6.0 2022-09-12 19:27:33 +01:00
Adam Hoyle
7e5cbe87ed Merge branch 'master' into feature/add-communities-page
# Conflicts:
#	Gemfile.lock
#	package.json
#	yarn.lock
2022-09-10 16:13:17 +01:00
Tom Hughes
9cd96bd452 Fix new rubocop warnings 2022-09-09 22:45:58 +01:00
Tom Hughes
fb362ef0d8 Enable brotli compression for assets 2022-08-03 19:01:24 +01:00
Andy Allan
83a0ea14f1 Refactor i18n so that all community information is available
This makes it easier to use non-chapter communities on the site in future.
2022-08-03 10:11:30 +01:00
Tom Hughes
e9f62a8c30 Rename piwik to matomo and merge configuration into settings 2022-08-01 22:42:04 +01:00
Tom Hughes
21d52f2d3f Monkey patch MailDeliveryJob to work with delayed_job under ruby 3
The delayed_job gem does not currently preserve keyword arguments
properly, leading to errors when running under ruby 3 and trying to run
a job that requires them.

This affects our deferred mail deliveries so we monkey patch the
mail delivery job to unpack the hash from the normal arguments and
use it to provide the expected keyword arguments.

https://github.com/collectiveidea/delayed_job/issues/1134
2022-07-23 12:12:29 +01:00
Tom Hughes
6ef6ddc14d Make database_offline mode work
Fixes #3529
2022-04-11 20:28:11 +01:00
Tom Hughes
ddb140f387 Switch to using vips for image processing 2022-03-02 19:44:56 +00:00
Andy Allan
e530d4f54d Move the i18n loading to an initializer
Use after_initialize to avoid rails resetting the translations
2022-03-02 16:24:02 +00:00
Tom Hughes
304eb3b75c Enable open redirect protection 2022-03-01 18:39:08 +00:00
Tom Hughes
172a71e3f2 Disable partial inserts 2022-02-22 19:16:10 +00:00
Tom Hughes
5b3edb8075 Switch to rails 7 default headers
These are basically all the same as what secure_headers
was already setting for us anyway.
2022-02-22 19:13:02 +00:00
Tom Hughes
a5508cfba1 Enable automatic scope inversing 2022-02-21 19:11:58 +00:00
Tom Hughes
b86390d303 Use a button element for button_to 2022-02-21 19:11:58 +00:00
Tom Hughes
999ebb1bf2 Default to not specifying media restrictions on stylesheet tags 2022-02-21 19:11:58 +00:00
Tom Hughes
04cb32b140 Enable verification of foreign keys in tests 2022-02-21 19:11:58 +00:00
Tom Hughes
fbd45a2ea0 Wrap test execution for better isolation 2022-02-17 19:30:19 +00:00
Tom Hughes
890569fba7 Enable some rails 7.x defaults 2022-02-17 19:18:03 +00:00
Tom Hughes
28900676f3 Default to allowing TLS for SMTP but without peer verification 2022-02-17 00:54:11 +00:00
Tom Hughes
aec7af87d7 Disable peer host name validation when sending email 2022-02-16 22:48:26 +00:00
Andy Allan
ce4fbc63ec Merge pull request #3414 from tomhughes/rails7
Update to rails 7.x
2022-02-16 15:16:53 +00:00
Andy Allan
2fabc46421 Merge pull request #3440 from mmd-osm/relationmemberlimit
Introduce relation member limit
2022-02-16 14:58:30 +00:00
Tom Hughes
7eafdca51c Update to rails 7.0.2.2 2022-02-16 14:26:57 +00:00
Tom Hughes
1612ea75c5 Allow trace image URL to be configured in the CSP policy 2022-02-13 19:25:42 +00:00
mmd-osm
2efd73c672 Introduce relation member limit
Adds a new parameter `max_number_of_relation_members` in settings.yml
2022-02-02 13:15:40 +01:00
Tom Hughes
7de3143525 Switch to 6.1 defaults as everything has been enabled for some time 2021-12-30 19:55:13 +00:00
Tom Hughes
b0288b83bb Allow PATCH for OmniAuth requests
This is required to allow the account settings screen, which now
uses the PATCH verb, to redirect to OmniAuth when the external
authentication provider is changed.

As PATCH still uses CSRF this doesn't impact CVE-2015-9284 which
is the reason for requiring POST and, most importantly, for not
allowing GET requests to OmniAuth.
2021-12-27 10:34:24 +00:00
Tom Hughes
bb5954e489 Drop unused browser feature predicates 2021-11-19 18:10:50 +00:00
Tom Hughes
ad0cfee788 Fix boot warnings for autoloaded constants in initializers 2021-11-16 19:08:26 +00:00
Tom Hughes
64604a852f Add a privileged scope that allows authorization to be skipped 2021-08-26 17:22:25 +01:00
Tom Hughes
6c6e8883f7 Introduce privileged scopes that only an administrator can enable 2021-08-26 17:22:24 +01:00
Tom Hughes
ba8093f13a Allow cross origin access to OAuth 2 token endpoints 2021-07-06 19:30:05 +01:00
Tom Hughes
9db8488e7f Allow cross origin access to trace data
Fixes #3252
2021-07-06 19:29:42 +01:00
Tom Hughes
e9010306c5 Enable access token reuse for OAuth 2 2021-06-24 20:40:23 +01:00
Tom Hughes
76b45e5dde Update doorkeeper configuration file from master template 2021-06-24 20:40:23 +01:00
Tom Hughes
8d76be71bb Merge remote-tracking branch 'upstream/pull/3177' 2021-06-24 08:43:18 +01:00
Tom Hughes
1096b3b8e2 Don't mark banner cookies as HttpOnly
Fixes #3231
2021-06-23 15:08:45 +01:00
Tom Hughes
baa32464cd Drop last vestiges of ruby 2.5 support 2021-06-08 20:33:25 +01:00
Tom Hughes
29032847d9 Set a referrer policy 2021-06-04 21:50:15 +01:00
Tom Hughes
aa9ce8b6db Allow OAuth 2 to redirect to plain HTTP for localhost 2021-05-18 12:05:33 +01:00
Tom Hughes
e222329d04 Add support for OAuth2 using doorkeeper 2021-05-18 12:05:32 +01:00
Tom Hughes
be9a9a1556 Enable variant tracking for Active Storage 2021-05-17 19:29:12 +01:00
Tom Hughes
a533d341f0 Enable some more rails 6.1 defaults 2021-05-17 19:20:32 +01:00