Gemfile.lock

@@ -7,29 +7,29 @@ GIT
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (8.0.2)
+    actioncable (8.0.1)
-      actionpack (= 8.0.2)
+      actionpack (= 8.0.1)
-      activesupport (= 8.0.2)
+      activesupport (= 8.0.1)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
       zeitwerk (~> 2.6)
-    actionmailbox (8.0.2)
+    actionmailbox (8.0.1)
-      actionpack (= 8.0.2)
+      actionpack (= 8.0.1)
-      activejob (= 8.0.2)
+      activejob (= 8.0.1)
-      activerecord (= 8.0.2)
+      activerecord (= 8.0.1)
-      activestorage (= 8.0.2)
+      activestorage (= 8.0.1)
-      activesupport (= 8.0.2)
+      activesupport (= 8.0.1)
       mail (>= 2.8.0)
-    actionmailer (8.0.2)
+    actionmailer (8.0.1)
-      actionpack (= 8.0.2)
+      actionpack (= 8.0.1)
-      actionview (= 8.0.2)
+      actionview (= 8.0.1)
-      activejob (= 8.0.2)
+      activejob (= 8.0.1)
-      activesupport (= 8.0.2)
+      activesupport (= 8.0.1)
       mail (>= 2.8.0)
       rails-dom-testing (~> 2.2)
-    actionpack (8.0.2)
+    actionpack (8.0.1)
-      actionview (= 8.0.2)
+      actionview (= 8.0.1)
-      activesupport (= 8.0.2)
+      activesupport (= 8.0.1)
       nokogiri (>= 1.8.5)
       rack (>= 2.2.4)
       rack-session (>= 1.0.1)
@@ -37,35 +37,35 @@ GEM
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
       useragent (~> 0.16)
-    actiontext (8.0.2)
+    actiontext (8.0.1)
-      actionpack (= 8.0.2)
+      actionpack (= 8.0.1)
-      activerecord (= 8.0.2)
+      activerecord (= 8.0.1)
-      activestorage (= 8.0.2)
+      activestorage (= 8.0.1)
-      activesupport (= 8.0.2)
+      activesupport (= 8.0.1)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (8.0.2)
+    actionview (8.0.1)
-      activesupport (= 8.0.2)
+      activesupport (= 8.0.1)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    activejob (8.0.2)
+    activejob (8.0.1)
-      activesupport (= 8.0.2)
+      activesupport (= 8.0.1)
       globalid (>= 0.3.6)
-    activemodel (8.0.2)
+    activemodel (8.0.1)
-      activesupport (= 8.0.2)
+      activesupport (= 8.0.1)
-    activerecord (8.0.2)
+    activerecord (8.0.1)
-      activemodel (= 8.0.2)
+      activemodel (= 8.0.1)
-      activesupport (= 8.0.2)
+      activesupport (= 8.0.1)
       timeout (>= 0.4.0)
-    activestorage (8.0.2)
+    activestorage (8.0.1)
-      actionpack (= 8.0.2)
+      actionpack (= 8.0.1)
-      activejob (= 8.0.2)
+      activejob (= 8.0.1)
-      activerecord (= 8.0.2)
+      activerecord (= 8.0.1)
-      activesupport (= 8.0.2)
+      activesupport (= 8.0.1)
       marcel (~> 1.0)
-    activesupport (8.0.2)
+    activesupport (8.0.1)
       base64
       benchmark (>= 0.3)
       bigdecimal
@@ -123,7 +123,7 @@ GEM
     builder (3.3.0)
     childprocess (5.1.0)
       logger (~> 1.5)
-    concurrent-ruby (1.3.5)
+    concurrent-ruby (1.3.4)
     connection_pool (2.5.0)
     console (1.29.2)
       fiber-annotation
@@ -196,14 +196,13 @@ GEM
       csv
       mini_mime (>= 1.0.0)
       multi_xml (>= 0.5.2)
-    i18n (1.14.7)
+    i18n (1.14.6)
       concurrent-ruby (~> 1.0)
     io-console (0.8.0)
     io-endpoint (0.14.0)
     io-event (1.7.5)
     io-stream (0.6.1)
-    irb (1.15.1)
+    irb (1.14.3)
-      pp (>= 0.6.0)
       rdoc (>= 4.0.0)
       reline (>= 0.4.2)
     jaro_winkler (1.6.0)
@@ -228,7 +227,7 @@ GEM
     letter_opener (1.10.0)
       launchy (>= 2.2, < 4)
     localhost (1.3.1)
-    logger (1.7.0)
+    logger (1.6.5)
     loofah (2.24.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
@@ -243,24 +242,24 @@ GEM
     metrics (0.12.1)
     mini_mime (1.1.5)
     mini_portile2 (2.8.8)
-    minitest (5.25.5)
+    minitest (5.25.4)
     msgpack (1.7.5)
     multi_xml (0.7.1)
       bigdecimal (~> 3.1)
     mysql2 (0.5.6)
     net-http (0.6.0)
       uri
-    net-imap (0.5.6)
+    net-imap (0.5.5)
       date
       net-protocol
     net-pop (0.1.2)
       net-protocol
     net-protocol (0.2.2)
       timeout
-    net-smtp (0.5.1)
+    net-smtp (0.5.0)
       net-protocol
     nio4r (2.7.4)
-    nokogiri (1.18.6)
+    nokogiri (1.18.1)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     omniauth (2.1.2)
@@ -292,9 +291,6 @@ GEM
     parser (3.3.6.0)
       ast (~> 2.4.1)
       racc
-    pp (0.6.2)
-      prettyprint
-    prettyprint (0.2.0)
     process-metrics (0.3.0)
       console (~> 1.8)
       json (~> 2)
@@ -309,12 +305,12 @@ GEM
     protocol-rack (0.10.1)
       protocol-http (~> 0.37)
       rack (>= 1.0)
-    psych (5.2.3)
+    psych (5.2.2)
       date
       stringio
     public_suffix (6.0.1)
     racc (1.8.1)
-    rack (3.1.12)
+    rack (3.1.8)
     rack-attack (6.7.0)
       rack (>= 1.0, < 4)
     rack-mini-profiler (3.3.1)
@@ -337,20 +333,20 @@ GEM
       rack (>= 1.3)
     rackup (2.2.1)
       rack (>= 3)
-    rails (8.0.2)
+    rails (8.0.1)
-      actioncable (= 8.0.2)
+      actioncable (= 8.0.1)
-      actionmailbox (= 8.0.2)
+      actionmailbox (= 8.0.1)
-      actionmailer (= 8.0.2)
+      actionmailer (= 8.0.1)
-      actionpack (= 8.0.2)
+      actionpack (= 8.0.1)
-      actiontext (= 8.0.2)
+      actiontext (= 8.0.1)
-      actionview (= 8.0.2)
+      actionview (= 8.0.1)
-      activejob (= 8.0.2)
+      activejob (= 8.0.1)
-      activemodel (= 8.0.2)
+      activemodel (= 8.0.1)
-      activerecord (= 8.0.2)
+      activerecord (= 8.0.1)
-      activestorage (= 8.0.2)
+      activestorage (= 8.0.1)
-      activesupport (= 8.0.2)
+      activesupport (= 8.0.1)
       bundler (>= 1.15.0)
-      railties (= 8.0.2)
+      railties (= 8.0.1)
     rails-dom-testing (2.2.0)
       activesupport (>= 5.0.0)
       minitest
@@ -361,9 +357,9 @@ GEM
     rails-i18n (8.0.1)
       i18n (>= 0.7, < 2)
       railties (>= 8.0.0, < 9)
-    railties (8.0.2)
+    railties (8.0.1)
-      actionpack (= 8.0.2)
+      actionpack (= 8.0.1)
-      activesupport (= 8.0.2)
+      activesupport (= 8.0.1)
       irb (~> 1.13)
       rackup (>= 1.0.0)
       rake (>= 12.2)
@@ -373,7 +369,7 @@ GEM
     rake (13.2.1)
     rbs (2.8.4)
     rdiscount (2.2.7.3)
-    rdoc (6.13.1)
+    rdoc (6.10.0)
       psych (>= 4.0.0)
     react-rails (2.7.1)
       babel-transpiler (>= 0.7.0)
@@ -473,7 +469,7 @@ GEM
       activesupport (>= 6.1)
       sprockets (>= 3.0.0)
     stackprof (0.2.26)
-    stringio (3.1.6)
+    stringio (3.1.2)
     swd (2.0.3)
       activesupport (>= 3)
       attr_required (>= 0.0.5)
@@ -496,7 +492,7 @@ GEM
     unicode-display_width (3.1.3)
       unicode-emoji (~> 4.0, >= 4.0.4)
     unicode-emoji (4.0.4)
-    uri (1.0.3)
+    uri (1.0.2)
     useragent (0.16.11)
     validate_url (1.0.15)
       activemodel (>= 3.0.0)
@@ -522,7 +518,7 @@ GEM
     websocket-extensions (0.1.5)
     will_paginate (4.0.1)
     yard (0.9.37)
-    zeitwerk (2.7.2)
+    zeitwerk (2.7.1)
 
 PLATFORMS
   ruby

app/controllers/swf_assets_controller.rb

@@ -18,7 +18,7 @@ class SwfAssetsController < ApplicationController
 				# doing this can help make this header a *lot* shorter, which helps
 				# our nginx reverse proxy (and probably some clients) handle it. (For
 				# example, see asset `667993` for "Engulfed in Flames Effect".)
-				origins: ["https://images.neopets.com"],
+				hosts: ["https://images.neopets.com"],
 			)
 		}
 
@@ -45,23 +45,14 @@ class SwfAssetsController < ApplicationController
 
 	private
 
-	def src_list(*urls, origins: [])
+	def src_list(*urls, hosts: [])
-		clean_urls = urls.
+		urls.
 			# Ignore any `nil`s that might arise
 			filter(&:present?).
-			# Parse the URL.
-			map { |url| Addressable::URI.parse(url) }.
 			# Remove query strings from URLs (they're invalid in CSPs)
-			each { |url| url.query = nil }.
+			map { |url| url.sub(/\?.*\z/, "") }.
-			# For the given `origins`, remove all their specific URLs, because
+			# For the given `hosts`, remove all their specific URLs, and just list
-			# we'll just include the entire origin anyway.
+			# the host itself.
-			reject { |url| origins.include?(url.origin) }.
+			reject { |url| hosts.any? { |h| url.start_with? h } } + hosts
-			# Normalize the URLs. (This fixes issues like when the canonical
-			# Neopets version of the URL contains plain unescaped spaces.)
-			each(&:normalize!).
-			# Convert the URLs back into strings.
-			map(&:to_s)
-
-		clean_urls + origins
 	end
 end