Fix remote editing security policy

[rails.git] / app / controllers / export_controller.rb

diff --git a/app/controllers/export_controller.rb b/app/controllers/export_controller.rb
index bd020f29b6ea11a1b960ec5f8e71d0885a48fd4c..1b7beaad696dd8ca3503babaa26e67748a70e511 100644 (file)
--- a/app/controllers/export_controller.rb
+++ b/app/controllers/export_controller.rb
@@ -1,6 +1,7 @@
 class ExportController < ApplicationController
   before_action :authorize_web
   before_action :set_locale
+  before_action :update_totp, :only => [:finish]
 
   caches_page :embed
 
@@ -11,7 +12,7 @@ class ExportController < ApplicationController
 
     if format == "osm"
       # redirect to API map get
-      redirect_to "http://api.openstreetmap.org/api/#{API_VERSION}/map?bbox=#{bbox}"
+      redirect_to :controller => "api", :action => "map", :bbox => bbox
 
     elsif format == "mapnik"
       # redirect to a special 'export' cgi script
@@ -22,6 +23,5 @@ class ExportController < ApplicationController
     end
   end
 
-  def embed
-  end
+  def embed; end
 end