Tom Hughes
9340c46173
Remove dependencies on mapzen services
2018-01-02 18:45:20 +00:00
Tom Hughes
986779966b
Extend form-action policies for Chrome
It seems that unlike other browsers Chrome requires that if a form
submission redirects that the redirected URL also match the form-action
policy rather than just requiring the original URL to match.
2017-11-25 12:04:02 +00:00
Tom Hughes
6a1a4a3f7d
Fix remote editing security policy
2017-11-24 00:46:27 +00:00
Tom Hughes
2cd81daf34
Add security policy for remote control editing
2017-11-24 00:43:14 +00:00
Tom Hughes
bb116b85df
Allow third party images in user content
2017-11-23 22:39:05 +00:00
Tom Hughes
cea455d390
Update for ActionView::Template::Error change
2017-10-27 19:25:49 +01:00
Tom Hughes
8dae890a76
Fix rubocop warnings
2017-10-05 19:18:38 +01:00
Tom Hughes
ebeea34670
Replace @user with @current_user
This ensures that we will find any more hidden references
to @user that might be hanging around...
2017-07-27 19:44:14 +01:00
Andy Allan
09ba878519
Convert @user to current_user
2017-07-27 10:31:31 +01:00
Andy Allan
c819bec8b7
Use a current_user helper for accessing the logged in user in all views.
2017-07-27 10:07:51 +01:00
Andy Allan
41000078b9
Convert remaining controller code to use current_user
The `self.current_user` is important when assigning to the current user,
to avoid creating a local variable called `current_user`
2017-07-27 10:07:51 +01:00
Tom Hughes
81deb35331
Update to rails 5.0.4
2017-06-27 08:26:44 +01:00
Tom Hughes
18c8946556
Use explicit to_unsafe_h method when converting parameters to a hash
2017-06-05 22:44:15 +01:00
Tom Hughes
ff97501ed0
Remove all use of the :text option to render
It doesn't actually do what it says, as it sets the content type
to text/html not text/plain so is just confusing and as a result
has been deprecated in newer rails versions.
2017-06-02 19:12:05 +01:00
Tom Hughes
5b33f3f8e3
Fix rubocop warnings
2017-06-02 00:08:30 +01:00
Tom Hughes
5cdb835de3
Show offline/readonly messages as normal flash messages
2017-03-10 16:30:04 +00:00
Tom Hughes
88d16deadd
Detect a timeout encapsulated in ActionView::Template::Error
Fixes #1476
2017-03-06 17:50:09 +00:00
Tom Hughes
c5ef6404f5
Improve the content security policy
2017-03-01 22:38:24 +00:00
Tom Hughes
428e7d6baa
Merge remote-tracking branch 'openstreetmap/pull/1467'
2017-02-26 22:22:48 +00:00
Simon Poole
12013f60a0
Externalize message about missing OAuth capabilities/permissions and make it less technical
2017-02-26 21:43:43 +01:00
Tom Hughes
40a8e5caf5
Add support for Content-Security-Policy
Currently this is report only, and disabled unless a report URL has
been set in the application configuration.
2017-02-26 19:48:13 +00:00
Tom Hughes
af72cb51e9
Fix rubocop warnings
2017-02-18 16:18:04 +00:00
Simon Poole
58c61c7962
Actually use user_block
2017-02-18 16:17:46 +01:00
Simon Poole
823f6b4d36
Add functionality to return a specific message for zero hour blocks
2017-02-18 13:53:21 +01:00
Tom Hughes
9fb382eaa9
Initialise locale before looking up user blocked error
2017-02-17 19:59:06 +00:00
Tom Hughes
777b19c775
Make export action send TOTP cookie
2017-01-02 22:51:18 +00:00
Tom Hughes
c8f26592a7
Fix rubocop warnings
2016-12-02 22:01:40 +00:00
Tom Hughes
ec6e096274
Remove redundant creation of an exception object
2016-12-02 09:38:18 +00:00
Matt Amos
8b03371e10
Make API and web roll back any open transactions on timeout
By default the exception thrown by Timeout::timeout is caught
using Kernel::catch so that it cannot be stopped by intermediate
exception handlers. The problem with that is that it stops any
database transactions that were in progress being rolled back
because they never see the exception.
Fortunately passing a class to Timeout::timeout changes its
behaviour so that the exception is thrown and caught in the normal
way, allowing the database transactions to rollback.
2016-12-02 09:31:45 +00:00
Tom Hughes
e17b89e89f
Fix rubocop warnings
2016-10-20 22:35:51 +01:00
Tom Hughes
5d3ecffa28
Fix new rubocop warnings
2016-02-05 13:35:26 +00:00
Tom Hughes
8fe1899596
Fix rubocop warnings
2016-01-19 09:51:24 +00:00
Tom Hughes
4028f4cdb9
Rework locale selection
Implement our own matching algorithm rather than trying to
patch the http_accept_language one and make sure everything is
using it in a consistent way.
Fixes #1125
2016-01-06 18:43:25 +00:00
Bryan Housel
bd4de52c98
Support using iD on Internet Explorer 11 and above
2015-12-10 18:34:33 -08:00
Tom Hughes
c9d35839be
Fix new rubocop warnings
2015-08-18 20:57:14 +01:00
Tom Hughes
21d60e359a
Tests!
2015-03-04 21:49:43 +00:00
Tom Hughes
dbe165bbb3
Fix some rubocop rails style issues
2015-02-26 00:12:54 +00:00
Tom Hughes
a6b84a0294
Fix more rubocop style issues
2015-02-24 23:12:02 +00:00
Tom Hughes
dc2a2c8ebd
Standardise on double quoted strings
2015-02-20 19:47:26 +00:00
Tom Hughes
5cbd4038ed
Fix rubocop style issues
2015-02-20 08:56:16 +00:00
Tom Hughes
baf10cd392
Fix rubocop lint issues
2015-02-20 08:56:16 +00:00
Tom Hughes
ef7f3d800c
Fix most auto-correctable rubocop issues
2015-02-20 08:56:16 +00:00
Tom Hughes
34e3e51456
Cleanup trailing whitespace
2015-02-20 08:56:16 +00:00
Tom Hughes
4e6fe811a0
Don't render the offline page for XHR requests
2014-12-14 00:32:50 +00:00
Tom Hughes
96e1665c01
Update to rails 4.1.6
2014-10-02 19:54:21 +01:00
Tom Hughes
49a4efcfa0
Don't offer iD on IE11
2013-11-30 17:53:42 +00:00
John Firebaugh
6b236ec95b
Fix feed link for pushState loaded history page
2013-11-25 15:47:42 -08:00
John Firebaugh
44629832dd
Merge branch 'master' into redesign
Conflicts:
vendor/assets/leaflet/leaflet.hash.js
vendor/assets/leaflet/leaflet.js
2013-11-19 09:42:47 -08:00
Tom Hughes
41e45bad51
Remove the _osm_username cookie and session validation logic
This was a temporary hack to workaround issues with sessions getting
mixed up at the time of the rails 3.1 upgrade, but logs indicate that
whatever the original problem was it is no longer occurring.
2013-11-17 21:52:39 +00:00
John Firebaugh
a5b784bdf7
Replace Vary header with explicit xhr=1 param
IE10 doesn't respect the Vary header.
2013-11-08 17:11:54 -08:00