From 9540e2122bf714a08cfa635e3f463e0f3d62beac Mon Sep 17 00:00:00 2001
From: Emi Dunn-Rankin <matchu1993@gmail.com>
Date: Sat, 23 Jul 2022 21:44:17 -0700
Subject: [PATCH] Disable HTTPS for SWF asset downloads

Whoops, everything broke because the world is far ahead of us on security! Oh well.
---
 app/models/swf_asset.rb | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/app/models/swf_asset.rb b/app/models/swf_asset.rb
index 166cb9df..4b00efcd 100644
--- a/app/models/swf_asset.rb
+++ b/app/models/swf_asset.rb
@@ -261,9 +261,18 @@ class SwfAsset < ActiveRecord::Base
 
   before_create do
     uri = URI.parse url
+    # NOTE: Our old Ruby can't do the HTTPS the images.neopets.com server
+    #       wants. We turn it off instead! Sigh. Should be fine since we
+    #       don't anticipate like, an MITM attack against our VPS.
+    #
+    #       Also, we re-parse after setting the scheme, to change the
+    #       class to URI:HTTP. This especially matters for URIs that
+    #       were given to us as "//images.neopets.com", because they
+    #       don't have a `request_uri` method.
+    uri.scheme = 'http'
+    uri = URI.parse(uri.to_s)
     begin
       http = Net::HTTP.new(uri.host, uri.port)
-      http.use_ssl = (uri.scheme == 'https')
       response = http.get(uri.request_uri)
     rescue Exception => e
       raise DownloadError, e.message