Commit graph

386 commits

Author SHA1 Message Date
Tom Hughes
fb362ef0d8 Enable brotli compression for assets 2022-08-03 19:01:24 +01:00
Tom Hughes
e9f62a8c30 Rename piwik to matomo and merge configuration into settings 2022-08-01 22:42:04 +01:00
Tom Hughes
21d52f2d3f Monkey patch MailDeliveryJob to work with delayed_job under ruby 3
The delayed_job gem does not currently preserve keyword arguments
properly, leading to errors when running under ruby 3 and trying to run
a job that requires them.

This affects our deferred mail deliveries so we monkey patch the
mail delivery job to unpack the hash from the normal arguments and
use it to provide the expected keyword arguments.

https://github.com/collectiveidea/delayed_job/issues/1134
2022-07-23 12:12:29 +01:00
Tom Hughes
6ef6ddc14d Make database_offline mode work
Fixes #3529
2022-04-11 20:28:11 +01:00
Tom Hughes
ddb140f387 Switch to using vips for image processing 2022-03-02 19:44:56 +00:00
Tom Hughes
304eb3b75c Enable open redirect protection 2022-03-01 18:39:08 +00:00
Tom Hughes
172a71e3f2 Disable partial inserts 2022-02-22 19:16:10 +00:00
Tom Hughes
5b3edb8075 Switch to rails 7 default headers
These are basically all the same as what secure_headers
was already setting for us anyway.
2022-02-22 19:13:02 +00:00
Tom Hughes
a5508cfba1 Enable automatic scope inversing 2022-02-21 19:11:58 +00:00
Tom Hughes
b86390d303 Use a button element for button_to 2022-02-21 19:11:58 +00:00
Tom Hughes
999ebb1bf2 Default to not specifying media restrictions on stylesheet tags 2022-02-21 19:11:58 +00:00
Tom Hughes
04cb32b140 Enable verification of foreign keys in tests 2022-02-21 19:11:58 +00:00
Tom Hughes
fbd45a2ea0 Wrap test execution for better isolation 2022-02-17 19:30:19 +00:00
Tom Hughes
890569fba7 Enable some rails 7.x defaults 2022-02-17 19:18:03 +00:00
Tom Hughes
28900676f3 Default to allowing TLS for SMTP but without peer verification 2022-02-17 00:54:11 +00:00
Tom Hughes
aec7af87d7 Disable peer host name validation when sending email 2022-02-16 22:48:26 +00:00
Andy Allan
ce4fbc63ec
Merge pull request #3414 from tomhughes/rails7
Update to rails 7.x
2022-02-16 15:16:53 +00:00
Andy Allan
2fabc46421
Merge pull request #3440 from mmd-osm/relationmemberlimit
Introduce relation member limit
2022-02-16 14:58:30 +00:00
Tom Hughes
7eafdca51c Update to rails 7.0.2.2 2022-02-16 14:26:57 +00:00
Tom Hughes
1612ea75c5 Allow trace image URL to be configured in the CSP policy 2022-02-13 19:25:42 +00:00
mmd-osm
2efd73c672 Introduce relation member limit
Adds a new parameter `max_number_of_relation_members` in settings.yml
2022-02-02 13:15:40 +01:00
Tom Hughes
7de3143525 Switch to 6.1 defaults as everything has been enabled for some time 2021-12-30 19:55:13 +00:00
Tom Hughes
b0288b83bb Allow PATCH for OmniAuth requests
This is required to allow the account settings screen, which now
uses the PATCH verb, to redirect to OmniAuth when the external
authentication provider is changed.

As PATCH still uses CSRF this doesn't impact CVE-2015-9284 which
is the reason for requiring POST and, most importantly, for not
allowing GET requests to OmniAuth.
2021-12-27 10:34:24 +00:00
Tom Hughes
bb5954e489 Drop unused browser feature predicates 2021-11-19 18:10:50 +00:00
Tom Hughes
ad0cfee788 Fix boot warnings for autoloaded constants in initializers 2021-11-16 19:08:26 +00:00
Tom Hughes
64604a852f Add a privileged scope that allows authorization to be skipped 2021-08-26 17:22:25 +01:00
Tom Hughes
6c6e8883f7 Introduce privileged scopes that only an administrator can enable 2021-08-26 17:22:24 +01:00
Tom Hughes
ba8093f13a Allow cross origin access to OAuth 2 token endpoints 2021-07-06 19:30:05 +01:00
Tom Hughes
9db8488e7f Allow cross origin access to trace data
Fixes #3252
2021-07-06 19:29:42 +01:00
Tom Hughes
e9010306c5 Enable access token reuse for OAuth 2 2021-06-24 20:40:23 +01:00
Tom Hughes
76b45e5dde Update doorkeeper configuration file from master template 2021-06-24 20:40:23 +01:00
Tom Hughes
8d76be71bb Merge remote-tracking branch 'upstream/pull/3177' 2021-06-24 08:43:18 +01:00
Tom Hughes
1096b3b8e2 Don't mark banner cookies as HttpOnly
Fixes #3231
2021-06-23 15:08:45 +01:00
Tom Hughes
baa32464cd Drop last vestiges of ruby 2.5 support 2021-06-08 20:33:25 +01:00
Tom Hughes
29032847d9 Set a referrer policy 2021-06-04 21:50:15 +01:00
Tom Hughes
aa9ce8b6db Allow OAuth 2 to redirect to plain HTTP for localhost 2021-05-18 12:05:33 +01:00
Tom Hughes
e222329d04 Add support for OAuth2 using doorkeeper 2021-05-18 12:05:32 +01:00
Tom Hughes
be9a9a1556 Enable variant tracking for Active Storage 2021-05-17 19:29:12 +01:00
Tom Hughes
a533d341f0 Enable some more rails 6.1 defaults 2021-05-17 19:20:32 +01:00
Tom Hughes
84abb70f17 Default rails generated cookies to SameSite=Lax 2021-05-17 18:39:22 +01:00
Tom Hughes
c4d2f74408 Switch to new defaults for queue names 2021-05-13 20:41:41 +01:00
Tom Hughes
c7ad888015 Enable new Active Job defaults 2021-05-13 20:26:14 +01:00
Tom Hughes
94c5151064 Enable link header for asset preloading 2021-05-13 19:57:47 +01:00
Tom Hughes
32ebe67c00 Enable new connection handling API 2021-05-13 19:54:07 +01:00
Tom Hughes
afc4c6fde1 Enable use of URL safe CSRF tokens 2021-05-13 19:52:02 +01:00
Tom Hughes
a71b8af4d1 Update to rails 6.1.3.2 2021-05-12 18:49:21 +01:00
Tom Hughes
4d164df5b8 Drop monkey patch that is no longer needed with rails 6 2021-05-10 20:17:44 +01:00
Tom Hughes
1ba10fa9ac Drop monkey patch that is no longer required 2021-05-10 18:52:34 +01:00
Tom Hughes
46eae20478 Monkey patch oauth gem to avoid use of deprecated URI.unescape 2021-04-26 22:10:45 +01:00
Tom Hughes
89456c8b40 Handle UTF-8 correctly in monkey patched OAuth::Helper.escape
Fixes #3185
2021-04-26 22:10:45 +01:00