X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/96c91757fc23023f2d56019252a9f89f2482266f..b78bb9f6313f3139ac83784df52bf39a5619d3e7:/app/controllers/site_controller.rb

diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb
index aa284ecdc..b0552322e 100644
--- a/app/controllers/site_controller.rb
+++ b/app/controllers/site_controller.rb
@@ -69,6 +69,14 @@ class SiteController < ApplicationController
       require_user
     end
 
+    if editor == "potlatch" || editor == "potlatch2"
+      append_content_security_policy_directives(
+        :object_src => %w(*),
+        :plugin_types => %w(application/x-shockwave-flash),
+        :script_src => %w('unsafe-inline')
+      )
+    end
+
     if params[:node]
       bbox = Node.find(params[:node]).bbox.to_unscaled
       @lat = bbox.centre_lat
@@ -111,6 +119,12 @@ class SiteController < ApplicationController
   end
 
   def id
+    append_content_security_policy_directives(
+      :connect_src => %w(taginfo.openstreetmap.org *.mapillary.com),
+      :img_src => %w(*),
+      :script_src => %w(dev.virtualearth.net)
+    )
+
     render "id", :layout => false
   end