impress/app/controllers
Emi Matchu 58d7c38523 Simplify CSP header for SWF asset embeds, to fix 502 for some assets
Fun little bug: viewing the "Engulfed in Flames Effect" item was
showing our "502 Bad Gateway" custom error page in the embed. This is
because the Rails app was providing a `Content-Security-Policy` header
value that was longer than nginx is configured by default to allow, so
it was refusing the response, and showing the same 502 error as if the
app hadn't responded at all. (We discovered this by opening
`/var/log/nginx/error.log`, which explained this very clearly, ty~!)

In this change, we no longer list every `images.neopets.com` asset,
instead marking the entire domain as a valid image source for the
SWF asset embed iframe. I don't _love_ this solution, I liked the
property of specifying literally exactly the assets we allow! But I
don't think there's any practical danger here, and it helps a *lot* for
making this more reliable.

(If we could have solved this reliably by increasing nginx's allowed
response header size, I probably would've done that? But I researched a
bit, and ultimately concluded that I don't trust other intermediary
software like firewalls not to have the same issue. Let's not be
pushing the limits of HTTP headers of all things!)
2024-09-12 15:59:18 -07:00
devise Connect a NeoPass to an existing account 2024-04-08 05:33:58 -07:00
fundraising Move most fundraising files into a Fundraising module 2024-02-18 20:12:14 -08:00
about_controller.rb Add first draft of /about/neopass page 2024-03-12 17:58:44 -07:00
alt_styles_controller.rb Read known_glitches when loading alt styles SWF assets 2024-02-24 16:31:05 -08:00
application_controller.rb Add shadowban mechanism for closet lists 2024-04-20 20:57:15 -07:00
auth_users_controller.rb Fix bugs in Settings page when changes to the model are incomplete 2024-04-09 06:34:06 -07:00
closet_hangers_controller.rb Add shadowban mechanism for closet lists 2024-04-20 20:57:15 -07:00
closet_lists_controller.rb Disallow email addresses in closet list descriptions 2024-04-16 17:04:31 -07:00
contributions_controller.rb Migrate away from item translations in contributions 2024-02-20 15:52:10 -08:00
item_appearances_controller.rb Load item page restricted zones data from Rails app, not impress-2020 2023-11-11 08:49:19 -08:00
item_trades_controller.rb Oops, load the data for the bulk item quantity form on the trades page! 2024-01-21 06:42:24 -08:00
items_controller.rb Remove needed items form on Modeling Hub 2024-09-09 18:56:39 -07:00
locales_controller.rb locale cookie should be long-term, not a session cookie 2013-01-24 18:24:33 -06:00
neopass_connections_controller.rb Use Neopets username as base name for new NeoPass accounts, if possible 2024-04-09 07:48:13 -07:00
neopets_connections_controller.rb closet hangers index uses neopets connections dropdown 2014-01-18 22:50:14 -06:00
neopets_page_import_tasks_controller.rb Fix petpage etc import 2023-11-06 12:59:28 -08:00
outfits_controller.rb Tweak NeoPass beta copy and widen the net again 2024-04-11 11:40:16 -07:00
pet_types_controller.rb Remove unused /colors/pet_types route 2024-02-24 15:51:40 -08:00
pets_controller.rb Remove needed items form on Modeling Hub 2024-09-09 18:56:39 -07:00
sitemap_controller.rb Migrate away from item translations in misc pages 2024-02-20 15:53:56 -08:00
swf_assets_controller.rb Simplify CSP header for SWF asset embeds, to fix 502 for some assets 2024-09-12 15:59:18 -07:00
users_controller.rb Use flash[:notice] instead of flash[:success] 2023-10-23 19:05:07 -07:00