Commit graph

104 commits

Author SHA1 Message Date
Adam Hoyle
8f529a337f Localise local chapters 2021-08-24 21:38:05 +01:00
Adam Hoyle
26aecfb2bf add route to pass locale 2021-08-10 10:13:24 +01:00
Adam Hoyle
86912a61df stub model and show in view 2021-08-08 23:28:44 +01:00
Adam Hoyle
d8d1ab1776 add route for communities 2021-08-07 15:46:39 +01:00
Tom Hughes
0ff89c31e4 Remove both Potlatch versions
Fixes #2622
2021-01-05 21:18:45 +00:00
Tom Hughes
d4130bcac8 Fix the Redirect warnings from Brakeman
Unfortunately I've had to leave the check disabled as Brakeman
can't see inside the safe_referer method so doesn't realise that
it is cleaning the referer.
2020-07-22 19:23:46 +01:00
Tom Hughes
66ec3cd845 Add blob to frame-src in CSP for iD
Fixes #2582
Closes #2583
2020-04-09 18:43:12 +01:00
Tom Hughes
3426976606 Merge remote-tracking branch 'upstream/pull/2444' 2019-12-30 22:34:24 +00:00
Tom Hughes
ac6a872a48 Avoid errors when /edit is called on an invalid object 2019-12-16 21:23:09 +00:00
Mayank Tankhiwale
9f7ec064e4 Fix #2402
1. Modified about routes
2. Accept the new params in site#about
3. Update about.html.erb
2019-11-23 20:26:19 +05:30
Andy Allan
f77d4dc4f7 Avoid stating the action to render when it just matches the current action 2019-06-26 14:50:35 +02:00
Tom Hughes
141df02e67 Move status into the settings object
Only the very early boot code needs to look at the value
from the environment directly.
2019-03-17 11:15:34 +00:00
Tom Hughes
15c96081a6 Allow connect_src to match all sites in Potlatch
It seems that Safari matches connections made from a flash application
against connect_src while Firefox uses object_src instead.

Fixes #2067
2018-11-19 17:34:47 +00:00
Andy Allan
fb2c1f6cfd Refactor site#welcome to use abilities instead of require_user 2018-10-10 11:49:45 +02:00
Andy Allan
420a7289a0 Merge branch 'authz' of https://github.com/rubyforgood/openstreetmap-website into rubyforgood-authz 2018-10-10 11:26:30 +02:00
Tom Hughes
640ea955fe Remove script sources which are no longer needed by iD 2018-07-26 17:44:16 +01:00
Chris Flipse
b16aa11f65 fix tests for site controller 2018-06-17 13:56:23 -04:00
Andy Allan
ffa65d4d72 Add cancancan and the first ability definitions for site_controller 2018-06-17 13:56:23 -04:00
Tom Hughes
a516d13d33 Allow iD to access ESRI imagery metadata 2018-06-06 14:25:52 +01:00
Tom Hughes
c5d3335a6c Allow inline styles in iD 2018-05-18 20:28:09 +01:00
Tom Hughes
9227f6aecd Allow iD to access wikidata 2018-05-16 11:36:46 +01:00
Tom Hughes
8d41015673 Allow iD to access wikipedia 2018-05-16 08:48:38 +01:00
Tom Hughes
a83030dab7 Fix new rubocop warnings 2018-01-22 18:55:45 +00:00
Tom Hughes
afa5d420d3 Allow iD to fetch gpx files from arbitrary locations 2017-11-24 08:38:51 +00:00
Tom Hughes
527ec293c2 Fix security policy for mapillary in iD 2017-11-24 01:09:27 +00:00
Tom Hughes
4950ae3c1f Allow iD to connect to nominatim 2017-11-24 00:10:38 +00:00
Tom Hughes
7ce94ad0ec Add openstreetcam.org to security policy for iD 2017-11-16 10:17:22 +00:00
Andy Allan
6f89da05d1 Use current_user to represent the currently logged in user.
This is already used by the oauth plugin, and is a general rails convention.
2017-07-12 16:10:50 +01:00
Tom Hughes
18c8946556 Use explicit to_unsafe_h method when converting parameters to a hash 2017-06-05 22:44:15 +01:00
Tom Hughes
2357118c46 Avoid using format as a URL parameter name
This prevents rails confusing it with the builtin format
parameter derived from the URL extension.
2017-06-03 12:08:35 +01:00
Tom Hughes
ff97501ed0 Remove all use of the :text option to render
It doesn't actually do what it says, as it sets the content type
to text/html not text/plain so is just confusing and as a result
has been deprecated in newer rails versions.
2017-06-02 19:12:05 +01:00
Tom Hughes
5b33f3f8e3 Fix rubocop warnings 2017-06-02 00:08:30 +01:00
Tom Hughes
c5ef6404f5 Improve the content security policy 2017-03-01 22:38:24 +00:00
Tom Hughes
40a8e5caf5 Add support for Content-Security-Policy
Currently this is report only, and disabled unless a report URL has
been set in the application configuration.
2017-02-26 19:48:13 +00:00
Tom Hughes
96c91757fc Don't try and look up traces until the user is logged in
Fixes #1411
2017-01-11 21:11:37 +00:00
Tom Hughes
777b19c775 Make export action send TOTP cookie 2017-01-02 22:51:18 +00:00
Tom Hughes
9a82ae069a Remove dot prefix from cookie domain 2017-01-02 21:33:58 +00:00
Tom Hughes
d83cc0f15b Reduce TOTP cookie expiry to one hour 2017-01-02 21:17:37 +00:00
Tom Hughes
17135cad03 Add support for generating TOTP cookies
This allows other sites in the openstreetmap.org domain to validate
that requests are coming from a www.openstreetmap.org user.
2017-01-02 19:01:01 +00:00
Tom Hughes
c8f26592a7 Fix rubocop warnings 2016-12-02 22:01:40 +00:00
Tom Hughes
dbe165bbb3 Fix some rubocop rails style issues 2015-02-26 00:12:54 +00:00
Tom Hughes
dc2a2c8ebd Standardise on double quoted strings 2015-02-20 19:47:26 +00:00
Tom Hughes
5cbd4038ed Fix rubocop style issues 2015-02-20 08:56:16 +00:00
Tom Hughes
ef7f3d800c Fix most auto-correctable rubocop issues 2015-02-20 08:56:16 +00:00
Tom Hughes
96e1665c01 Update to rails 4.1.6 2014-10-02 19:54:21 +01:00
Tom Hughes
c9e9ef1a89 Rewrite layer parameters in shortlinks correctly
Fixes #762
2014-06-17 21:15:36 +01:00
Tom Hughes
5a830b2845 Don't force a login to use a remote editor
Fixes #754
2014-06-15 11:00:49 +01:00
Tom Hughes
47841829d8 Improve redirection of shortlinks
If a shortlink includes an object reference then redirect to a new
style browse URL for that object.

Fixes #702
2014-02-15 12:42:52 +00:00
Tom Hughes
04ad0f6251 Do basic testing of all site controller methods 2013-12-07 17:21:17 +00:00
Tom Hughes
a51b4c869e Use the map layout when rendering index for a remote edit 2013-12-05 10:40:07 +00:00