X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/30a4fb85a9d8dce906a5f9a397810bb970853122..5f59845575ed313688eca669fd73f4f6a5993c23:/app/controllers/application_controller.rb

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index bc1fd488d..227e5198f 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -105,7 +105,7 @@ class ApplicationController < ActionController::Base
       # if the user hasn't seen the contributor terms then don't
       # allow editing - they have to go to the web site and see
       # (but can decline) the CTs to continue.
-      if REQUIRE_TERMS_SEEN && !current_user.terms_seen && flash[:skip_terms].nil?
+      if !current_user.terms_seen && flash[:skip_terms].nil?
         set_locale
         report_error t("application.setup_user_auth.need_to_see_terms"), :forbidden
       end
@@ -333,11 +333,9 @@ class ApplicationController < ActionController::Base
     append_content_security_policy_directives(
       :child_src => %w[http://127.0.0.1:8111 https://127.0.0.1:8112],
       :frame_src => %w[http://127.0.0.1:8111 https://127.0.0.1:8112],
-      :connect_src => [NOMINATIM_URL, OVERPASS_URL, OSRM_URL, GRAPHHOPPER_URL],
+      :connect_src => [NOMINATIM_URL, OVERPASS_URL, FOSSGIS_OSRM_URL, GRAPHHOPPER_URL],
       :form_action => %w[render.openstreetmap.org],
-      :style_src => %w['unsafe-inline'],
-      :script_src => [MAPQUEST_DIRECTIONS_URL],
-      :img_src => %w[developer.mapquest.com]
+      :style_src => %w['unsafe-inline']
     )
 
     if STATUS == :database_offline || STATUS == :api_offline