Dress to Impress, a big fancy Neopets customization tool!
Emi Matchu
38bad12778
Before this change, the "Ornamental Lake with Goldies" item would fail to preview on the item page: the iframe for the animation layer would display an error page. The error was: ``` Invalid Content Security Policy script-src: "https://images.neopets.com/cp/items/data/000/000/497/497366_deca9f2827/497366_HTML5 Canvas.js". Directive values must not contain whitespace or semicolons. Please use multiple arguments or other directive methods instead. (ActionDispatch::ContentSecurityPolicy::InvalidDirectiveError) ``` This is because the URL that Neopets sends us for this JS file contains an unescaped space character. This isn't usually an issue for e.g. loading a URL in the browser, but it's *not* valid syntax for inclusion in a Content Security Policy. In this change, we update our CSP code to parse URLs into `Addressable::URI` objects, which enables us to call the `normalize!` method, which fixes oddities like that. The URL now correctly appears in the CSP as `https://images.neopets.com/cp/items/data/000/000/497/497366_deca9f2827/497366_HTML5%20Canvas.js`. |
||
|---|---|---|
| .devcontainer | ||
| .husky | ||
| app | ||
| bin | ||
| config | ||
| db | ||
| deploy | ||
| lib | ||
| public | ||
| spec | ||
| test | ||
| vendor | ||
| .eslintrc.json | ||
| .gitignore | ||
| .rspec | ||
| .ruby-version | ||
| .solargraph.yml | ||
| .yarnrc.yml | ||
| config.ru | ||
| falcon.rb | ||
| Gemfile | ||
| Gemfile.lock | ||
| LICENSE.md | ||
| package.json | ||
| Procfile.dev | ||
| Rakefile | ||
| README.md | ||
| yarn.lock | ||
Dress to Impress
Oh! We've been revitalizing the Rails app! Fun!
There'll be more to say about it here soon :3