cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openstreetmap-website/app/controllers
History
Tom Hughes 988d7cd90d Remove form_action restrictions for sessions#login 
Login may redirect to ouath2_authorizations#create which may then
redirect to arbitrary schemes if the application is already authorized
so we need to allow login to redirect to any scheme.

Fixes #3424
2022-01-17 11:01:07 +00:00
..
api Fix new rubocop warnings 2021-12-28 19:47:51 +00:00
concerns Avoid putting ActionController::Parameters objects in the session 2022-01-11 19:43:43 +00:00
accounts_controller.rb Avoid putting ActionController::Parameters objects in the session 2022-01-11 19:43:43 +00:00
api_controller.rb Add support for OAuth2 using doorkeeper 2021-05-18 12:05:32 +01:00
application_controller.rb Improve fallback behaviour for unsafe referer redirects 2021-11-23 17:18:41 +00:00
browse_controller.rb Serve an updated TOTP token with the browse query response 2021-10-25 20:28:53 +01:00
changeset_comments_controller.rb Prefer keyword arguments when method has optional boolean arguments 2020-11-12 11:24:44 +00:00
changesets_controller.rb Prefer keyword arguments when method has optional boolean arguments 2020-11-12 11:24:44 +00:00
confirmations_controller.rb Refactor the account edit/update pages out into a separate accounts controller 2021-12-08 15:17:50 +00:00
dashboards_controller.rb Split the non-public information off of the profile page 2021-08-18 13:32:36 +01:00
diary_entries_controller.rb Add a user link to the heading of the diary comments page 2021-11-24 10:55:09 +00:00
directions_controller.rb Use CanCanCan for directions controller 2019-01-09 10:12:14 +01:00
errors_controller.rb Send plain errors for non HTML resources 2021-11-16 12:44:52 +00:00
export_controller.rb Fix new rubocop warnings 2020-08-06 18:42:16 +01:00
friendships_controller.rb Improve fallback behaviour for unsafe referer redirects 2021-11-23 17:18:41 +00:00
geocoder_controller.rb Attempt to avoid polynomial time matches on user supplied data 2022-01-05 18:38:15 +00:00
issue_comments_controller.rb Remove custom deny_access handlers 2018-11-14 14:10:51 +01:00
issues_controller.rb Fix various code comments 2021-07-21 11:24:23 +01:00
messages_controller.rb Improve fallback behaviour for unsafe referer redirects 2021-11-23 17:18:41 +00:00
notes_controller.rb Rename the notes#mine action to index 2020-07-08 18:43:30 +02:00
oauth2_applications_controller.rb Introduce privileged scopes that only an administrator can enable 2021-08-26 17:22:24 +01:00
oauth2_authorizations_controller.rb Restore form_action restrictions for ouath2_authorizations#create 2022-01-17 11:00:41 +00:00
oauth2_authorized_applications_controller.rb Add support for OAuth2 using doorkeeper 2021-05-18 12:05:32 +01:00
oauth_clients_controller.rb Use CanCanCan for oauth clients controller 2019-01-09 15:34:54 +01:00
oauth_controller.rb Check that the permission is non-zero 2021-07-01 16:35:29 +01:00
passwords_controller.rb Split password reset functionality into PasswordsController 2021-04-07 16:05:28 +01:00
preferences_controller.rb Ensure that flash message is shown in the updated language 2021-07-21 18:58:47 +01:00
profiles_controller.rb Move profile-related settings to their own form 2021-07-14 17:45:19 +01:00
redactions_controller.rb Fix new rubocop warnings 2021-01-11 19:17:31 +00:00
reports_controller.rb Fix new rubocop warnings 2019-07-18 16:47:08 +01:00
sessions_controller.rb Remove form_action restrictions for sessions#login 2022-01-17 11:01:07 +00:00
site_controller.rb Remove both Potlatch versions 2021-01-05 21:18:45 +00:00
traces_controller.rb Fix new rubocop warnings 2021-12-28 19:47:51 +00:00
user_blocks_controller.rb Prevent CSRF bypass unblocking users 2021-02-09 20:39:04 +00:00
user_roles_controller.rb Use CanCanCan for user_roles auth 2018-11-28 21:39:26 +01:00
users_controller.rb Rename User#delete to User#destroy 2021-12-22 11:32:33 +00:00