X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/d581f1766532e9b92565e7af4ed086fdda8d780a..eb7b0c05e3e49f848377d74aab4953f552b8ca89:/app/controllers/user_controller.rb
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index e25d3c8b6..0c3ad0b05 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -18,6 +18,7 @@ class UserController < ApplicationController
around_action :api_call_handle_error, :only => [:api_read, :api_details, :api_gpx_files]
before_action :lookup_user_by_id, :only => [:api_read]
before_action :lookup_user_by_name, :only => [:set_status, :delete]
+ before_action :allow_thirdparty_images, :only => [:view, :account]
def terms
@legale = params[:legale] || OSM.ip_to_country(request.remote_ip) || DEFAULT_LEGALE
@@ -44,9 +45,7 @@ class UserController < ApplicationController
if current_user
current_user.terms_seen = true
- if current_user.save
- flash[:notice] = t("user.new.terms declined", :url => t("user.new.terms declined url")).html_safe
- end
+ flash[:notice] = t("user.new.terms declined", :url => t("user.new.terms declined url")).html_safe if current_user.save
if params[:referer]
redirect_to params[:referer]
@@ -202,6 +201,10 @@ class UserController < ApplicationController
@title = t "user.new.title"
@referer = params[:referer] || session[:referer]
+ append_content_security_policy_directives(
+ :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+ )
+
if current_user
# The user is logged in already, so don't show them the signup
# page, instead send them to the home page
@@ -528,9 +531,7 @@ class UserController < ApplicationController
session[:new_user].auth_provider = provider
session[:new_user].auth_uid = uid
- if email_verified && email == session[:new_user].email
- session[:new_user].status = "active"
- end
+ session[:new_user].status = "active" if email_verified && email == session[:new_user].email
redirect_to :action => "terms"
else