Commit graph

447 commits

Author SHA1 Message Date
Tom Hughes
84abb70f17 Default rails generated cookies to SameSite=Lax 2021-05-17 18:39:22 +01:00
Tom Hughes
c4d2f74408 Switch to new defaults for queue names 2021-05-13 20:41:41 +01:00
Tom Hughes
c7ad888015 Enable new Active Job defaults 2021-05-13 20:26:14 +01:00
Tom Hughes
94c5151064 Enable link header for asset preloading 2021-05-13 19:57:47 +01:00
Tom Hughes
32ebe67c00 Enable new connection handling API 2021-05-13 19:54:07 +01:00
Tom Hughes
afc4c6fde1 Enable use of URL safe CSRF tokens 2021-05-13 19:52:02 +01:00
Tom Hughes
a71b8af4d1 Update to rails 6.1.3.2 2021-05-12 18:49:21 +01:00
Tom Hughes
4d164df5b8 Drop monkey patch that is no longer needed with rails 6 2021-05-10 20:17:44 +01:00
Tom Hughes
1ba10fa9ac Drop monkey patch that is no longer required 2021-05-10 18:52:34 +01:00
Tom Hughes
46eae20478 Monkey patch oauth gem to avoid use of deprecated URI.unescape 2021-04-26 22:10:45 +01:00
Tom Hughes
89456c8b40 Handle UTF-8 correctly in monkey patched OAuth::Helper.escape
Fixes #3185
2021-04-26 22:10:45 +01:00
Tom Hughes
ad6c0d3eba Monkey patch oauth gem to avoid use of deprecated URI.escape 2021-04-22 18:53:27 +01:00
Andy Allan
bb2afc3e8b Prevent addition of style attributes to all elements 2021-03-24 20:55:30 +00:00
Andy Allan
d7eac9b5a8 Strip away class attributes from sanitized outputs
There's a lot of shenanigans that are possible when you can apply
arbitrary classes to the rendered output.
2021-03-24 19:15:21 +00:00
Andy Allan
f442bb9e80 Rework configuration to use Sanitize::Config.merge
This is the recommended approach, and works better when dealing with deeper attributes
2021-03-24 18:19:14 +00:00
Tom Hughes
f91dd6afc2 Tighten up cookie security
Mark all cookies as Secure, and the cookies which are not
modified client side as HttpOnly.
2021-02-19 18:18:13 +00:00
Tom Hughes
cea93e7244 Fix new rubocop warnings 2021-02-02 18:56:29 +00:00
Andy Allan
78bf2993e4 Refactor richtext fields to use a custom bootstrap_form input.
This allows us to use form_group_builder and get all the label and
help text handling in line with other bootstrap_form inputs.
2021-01-13 14:05:39 +00:00
Tom Hughes
b7d6243aff Restore ruby 2.5 compatibility 2021-01-11 20:04:13 +00:00
Tom Hughes
0654be27f9 Fix new rubocop warnings 2021-01-11 19:17:31 +00:00
Tom Hughes
0ff89c31e4 Remove both Potlatch versions
Fixes #2622
2021-01-05 21:18:45 +00:00
Tom Hughes
3e150205ad Remove unnecessary inflection 2021-01-01 11:54:29 +00:00
Tom Hughes
eada36ff96 Switch to using the Zeitwerk autoloader 2020-12-30 20:30:21 +00:00
Tom Hughes
e392556444 Revert "Switch to using the Zeitwerk autoloader"
This reverts commit 127880a73f.
2020-12-29 19:29:36 +00:00
Tom Hughes
127880a73f Switch to using the Zeitwerk autoloader 2020-12-29 18:42:22 +00:00
Tom Hughes
5d96da3b67 Merge remote-tracking branch 'upstream/pull/2983' into master 2020-11-25 16:59:23 +00:00
Andy Allan
7b0de13c61 Allow smtp settings to be configured through the settings system
This allows easier configuration using the settings.local.yml files

Fixes #2571
2020-11-25 16:12:49 +00:00
Tom Hughes
d516ba5335 Add bootstrap classes to markdown tables 2020-11-19 10:17:21 +00:00
Tom Hughes
70c4a750d7 Fix new rubocop warnings 2020-09-16 08:28:25 +01:00
Tom Hughes
2651db7254 Fix Lint/MissingSuper warnings 2020-08-09 19:06:04 +01:00
Tom Hughes
9be62ca4bb Allow image loading from tileserver.memomaps.de 2020-07-08 19:07:49 +01:00
Tom Hughes
9f993fe8c8 Fix new rubocop warnings 2020-07-07 10:44:52 +01:00
Tom Hughes
1739bf6832 Merge remote-tracking branch 'upstream/pull/2639' 2020-06-03 17:19:03 +01:00
Tom Hughes
b10e0c46de Merge remote-tracking branch 'upstream/pull/2638' 2020-06-03 17:13:49 +01:00
Andy Allan
f33f1f297e Use rails 6.0 framework defaults
Keep the old autoloader and utf-8 forms as they were, for now.
2020-06-03 13:45:07 +02:00
Andy Allan
b52aa72aa6 Remove the framework defaults initializer for 5.2
We're already using these defaults, as per 6a25ee9ec9,
so we don't need to keep this file.
2020-06-03 11:47:33 +02:00
Andy Allan
cc3ea94e2f Remove ineffective query cache disable initializer
This doesn't have any effect, since there is no middleware by that name.
2020-06-03 11:19:09 +02:00
Andy Allan
32e46ad4e3 Remove tempfile patch for trace data
Effectively reverts c0d2ad40c3

This patch is no longer required, since we only use send_data in
combination with Tempfile.read and that all works fine.
2020-04-22 15:16:46 +02:00
Tom Hughes
62247da244 Remove last traces of konacha 2020-04-20 19:14:58 +01:00
Tom Hughes
da80a7bd08 Add tile.openstreetmap.org to security policy 2020-04-14 00:03:55 +01:00
Andreas Geyer-Schulz
f6f23ed0ee Fix typo: change 'noreferer' to 'noreferrer'
as the correct rel attribute in external links.
2020-01-25 20:10:23 +01:00
Tom Hughes
4ee60c0f8f Make all translation lookup errors throw exceptions in test mode 2019-12-16 21:54:11 +00:00
Tom Hughes
57f5b7840e Fix rubocop warnings 2019-12-04 19:31:53 +00:00
Tom Hughes
22cd2314e5 Update to rails 6.0.1 2019-11-24 11:05:02 +00:00
Tom Hughes
30accae458 Update to sprockets 4.x 2019-10-22 20:20:43 +01:00
Tom Hughes
d96a5c9c87 Switch to use v4.0 of the Facebook API for authentication 2019-10-08 18:36:27 +01:00
Tom Hughes
754e566f45 Exclude phantomjs from generic webkit as it's ancient
Fixes #2339
2019-08-05 20:41:22 +01:00
Tom Hughes
5a54cb52f8 Drop paperclip 2019-07-17 19:12:30 +01:00
Tom Hughes
f597780822 Increase expiry for Active Storage URLs 2019-07-16 08:25:17 +01:00
Tom Hughes
e3f37bb30c Allow BMP images to be transformed
https://github.com/rails/rails/issues/35953
https://github.com/rails/rails/pull/36051
2019-07-16 00:24:37 +01:00