Commit graph

365 commits

Author SHA1 Message Date
Andy Allan
83a0ea14f1 Refactor i18n so that all community information is available
This makes it easier to use non-chapter communities on the site in future.
2022-08-03 10:11:30 +01:00
Andy Allan
e530d4f54d Move the i18n loading to an initializer
Use after_initialize to avoid rails resetting the translations
2022-03-02 16:24:02 +00:00
Tom Hughes
bb5954e489 Drop unused browser feature predicates 2021-11-19 18:10:50 +00:00
Tom Hughes
ad0cfee788 Fix boot warnings for autoloaded constants in initializers 2021-11-16 19:08:26 +00:00
Tom Hughes
64604a852f Add a privileged scope that allows authorization to be skipped 2021-08-26 17:22:25 +01:00
Tom Hughes
6c6e8883f7 Introduce privileged scopes that only an administrator can enable 2021-08-26 17:22:24 +01:00
Tom Hughes
ba8093f13a Allow cross origin access to OAuth 2 token endpoints 2021-07-06 19:30:05 +01:00
Tom Hughes
9db8488e7f Allow cross origin access to trace data
Fixes #3252
2021-07-06 19:29:42 +01:00
Tom Hughes
e9010306c5 Enable access token reuse for OAuth 2 2021-06-24 20:40:23 +01:00
Tom Hughes
76b45e5dde Update doorkeeper configuration file from master template 2021-06-24 20:40:23 +01:00
Tom Hughes
8d76be71bb Merge remote-tracking branch 'upstream/pull/3177' 2021-06-24 08:43:18 +01:00
Tom Hughes
1096b3b8e2 Don't mark banner cookies as HttpOnly
Fixes #3231
2021-06-23 15:08:45 +01:00
Tom Hughes
baa32464cd Drop last vestiges of ruby 2.5 support 2021-06-08 20:33:25 +01:00
Tom Hughes
29032847d9 Set a referrer policy 2021-06-04 21:50:15 +01:00
Tom Hughes
aa9ce8b6db Allow OAuth 2 to redirect to plain HTTP for localhost 2021-05-18 12:05:33 +01:00
Tom Hughes
e222329d04 Add support for OAuth2 using doorkeeper 2021-05-18 12:05:32 +01:00
Tom Hughes
be9a9a1556 Enable variant tracking for Active Storage 2021-05-17 19:29:12 +01:00
Tom Hughes
a533d341f0 Enable some more rails 6.1 defaults 2021-05-17 19:20:32 +01:00
Tom Hughes
84abb70f17 Default rails generated cookies to SameSite=Lax 2021-05-17 18:39:22 +01:00
Tom Hughes
c4d2f74408 Switch to new defaults for queue names 2021-05-13 20:41:41 +01:00
Tom Hughes
c7ad888015 Enable new Active Job defaults 2021-05-13 20:26:14 +01:00
Tom Hughes
94c5151064 Enable link header for asset preloading 2021-05-13 19:57:47 +01:00
Tom Hughes
32ebe67c00 Enable new connection handling API 2021-05-13 19:54:07 +01:00
Tom Hughes
afc4c6fde1 Enable use of URL safe CSRF tokens 2021-05-13 19:52:02 +01:00
Tom Hughes
a71b8af4d1 Update to rails 6.1.3.2 2021-05-12 18:49:21 +01:00
Tom Hughes
4d164df5b8 Drop monkey patch that is no longer needed with rails 6 2021-05-10 20:17:44 +01:00
Tom Hughes
1ba10fa9ac Drop monkey patch that is no longer required 2021-05-10 18:52:34 +01:00
Tom Hughes
46eae20478 Monkey patch oauth gem to avoid use of deprecated URI.unescape 2021-04-26 22:10:45 +01:00
Tom Hughes
89456c8b40 Handle UTF-8 correctly in monkey patched OAuth::Helper.escape
Fixes #3185
2021-04-26 22:10:45 +01:00
Tom Hughes
ad6c0d3eba Monkey patch oauth gem to avoid use of deprecated URI.escape 2021-04-22 18:53:27 +01:00
Andy Allan
bb2afc3e8b Prevent addition of style attributes to all elements 2021-03-24 20:55:30 +00:00
Andy Allan
d7eac9b5a8 Strip away class attributes from sanitized outputs
There's a lot of shenanigans that are possible when you can apply
arbitrary classes to the rendered output.
2021-03-24 19:15:21 +00:00
Andy Allan
f442bb9e80 Rework configuration to use Sanitize::Config.merge
This is the recommended approach, and works better when dealing with deeper attributes
2021-03-24 18:19:14 +00:00
Tom Hughes
f91dd6afc2 Tighten up cookie security
Mark all cookies as Secure, and the cookies which are not
modified client side as HttpOnly.
2021-02-19 18:18:13 +00:00
Tom Hughes
cea93e7244 Fix new rubocop warnings 2021-02-02 18:56:29 +00:00
Andy Allan
78bf2993e4 Refactor richtext fields to use a custom bootstrap_form input.
This allows us to use form_group_builder and get all the label and
help text handling in line with other bootstrap_form inputs.
2021-01-13 14:05:39 +00:00
Tom Hughes
b7d6243aff Restore ruby 2.5 compatibility 2021-01-11 20:04:13 +00:00
Tom Hughes
0654be27f9 Fix new rubocop warnings 2021-01-11 19:17:31 +00:00
Tom Hughes
0ff89c31e4 Remove both Potlatch versions
Fixes #2622
2021-01-05 21:18:45 +00:00
Tom Hughes
3e150205ad Remove unnecessary inflection 2021-01-01 11:54:29 +00:00
Tom Hughes
eada36ff96 Switch to using the zeitwerk autoloader 2020-12-30 20:30:21 +00:00
Tom Hughes
e392556444 Revert "Switch to using the zeitwerk autoloader"
This reverts commit 127880a73f.
2020-12-29 19:29:36 +00:00
Tom Hughes
127880a73f Switch to using the zeitwerk autoloader 2020-12-29 18:42:22 +00:00
Tom Hughes
5d96da3b67 Merge remote-tracking branch 'upstream/pull/2983' into master 2020-11-25 16:59:23 +00:00
Andy Allan
7b0de13c61 Allow smtp settings to be configured through the settings system
This allows easier configuration using the settings.local.yml files

Fixes #2571
2020-11-25 16:12:49 +00:00
Tom Hughes
d516ba5335 Add bootstrap classes to markdown tables 2020-11-19 10:17:21 +00:00
Tom Hughes
70c4a750d7 Fix new rubocop warnings 2020-09-16 08:28:25 +01:00
Tom Hughes
2651db7254 Fix Lint/MissingSuper warnings 2020-08-09 19:06:04 +01:00
Tom Hughes
9be62ca4bb Allow image loading from tileserver.memomaps.de 2020-07-08 19:07:49 +01:00
Tom Hughes
9f993fe8c8 Fix new rubocop warnings 2020-07-07 10:44:52 +01:00