[openstreetmap/openstreetmap-website] Send TOTP cookies for all pages with maps (PR #6922)
Tom Hughes
notifications at github.com
Fri Mar 20 22:52:46 UTC 2026
This extends TOTP cookies to all pages with maps so that they can be used to validate referers claiming to be openstreermap.org on the production tile servers.
It also allows the TOTP domain to be configured as it was hardwired to openstreetmap.org before.
One thing it doesn't do is send TOTP for embeds, because we cache those and have apache serve them statically. It will need @pnorman to weigh in on whether that's a problem but I'm not sure what we can do about it anyway.
You can view, comment on, or merge this pull request online at:
https://github.com/openstreetmap/openstreetmap-website/pull/6922
-- Commit Summary --
* All domain for TOTP cookies to be configured
* Send TOTP cookie for all pages with a map
-- File Changes --
M app/controllers/application_controller.rb (2)
M app/controllers/dashboards_controller.rb (1)
M app/controllers/diary_entries_controller.rb (1)
M app/controllers/profiles/locations_controller.rb (4)
M config/settings.yml (1)
-- Patch Links --
https://github.com/openstreetmap/openstreetmap-website/pull/6922.patch
https://github.com/openstreetmap/openstreetmap-website/pull/6922.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/6922
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/pull/6922 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20260320/fc91d7db/attachment-0001.htm>
More information about the rails-dev
mailing list