Dress to Impress, a big fancy Neopets customization tool!
Emi Matchu 58d7c38523 Simplify CSP header for SWF asset embeds, to fix 502 for some assets
Fun little bug: viewing the "Engulfed in Flames Effect" item was
showing our "502 Bad Gateway" custom error page in the embed. This is
because the Rails app was providing a `Content-Security-Policy` header
value that was longer than nginx is configured by default to allow, so
it was refusing the response, and showing the same 502 error as if the
app hadn't responded at all. (We discovered this by opening
`/var/log/nginx/error.log`, which explained this very clearly, ty~!)

In this change, we no longer list every `images.neopets.com` asset,
instead marking the entire domain as a valid image source for the
SWF asset embed iframe. I don't _love_ this solution, I liked the
property of specifying literally exactly the assets we allow! But I
don't think there's any practical danger here, and it helps a *lot* for
making this more reliable.

(If we could have solved this reliably by increasing nginx's allowed
response header size, I probably would've done that? But I researched a
bit, and ultimately concluded that I don't trust other intermediary
software like firewalls not to have the same issue. Let's not be
pushing the limits of HTTP headers of all things!)
2024-09-12 15:59:18 -07:00
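
The trade-off the commit message above describes, as an added example (not code from this repository or its author): keep the exact-asset `img-src` list while the header fits a byte budget, and fall back to the whole origin once it does not. `HEADER_BUDGET`, the function names, and the sample asset paths are assumptions made for illustration.

```ruby
require "uri"

# Assumed per-header byte budget; not a value from the project or from nginx.
# Pick something well below the smallest header limit on your request path.
HEADER_BUDGET = 2048
HEADER_NAME = "Content-Security-Policy: "

# Serialize one CSP directive, e.g. "img-src https://a https://b".
def directive(name, sources)
  ([name] + sources).join(" ")
end

# Collapse full URLs to their origins (scheme, host, non-default port).
# This widens the allowlist from exact assets to everything on the origin.
def origins(urls)
  urls.map do |url|
    uri = URI.parse(url)
    origin = "#{uri.scheme}://#{uri.host}"
    origin += ":#{uri.port}" unless uri.port == uri.default_port
    origin
  end.uniq
end

# Returns [directive_string, mode]; mode is :exact or :origin.
def img_src_within_budget(urls, budget: HEADER_BUDGET)
  exact = directive("img-src", urls.uniq)
  return [exact, :exact] if (HEADER_NAME + exact).bytesize <= budget

  collapsed = directive("img-src", origins(urls))
  if (HEADER_NAME + collapsed).bytesize > budget
    raise ArgumentError, "CSP exceeds #{budget} bytes even as origins"
  end
  [collapsed, :origin]
end

# Constructed sample data: these asset paths are made up.
def sample_urls(count)
  (1..count).map { |i| "https://images.neopets.com/example/asset_#{i}.png" }
end

if __FILE__ == $PROGRAM_NAME
  [3, 200].each do |n|
    value, mode = img_src_within_budget(sample_urls(n))
    puts "#{n} assets -> #{mode}, #{value.bytesize} bytes"
  end
end
```

Logging whenever the `:origin` fallback is taken shows how often the policy is being widened, rather than finding out from a proxy error log.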
.devcontainer Save last trade activity time onto User 2024-01-19 00:00:46 -08:00
.husky Set up eslint for wardrobe-2020 2023-11-02 18:11:07 -07:00
app Simplify CSP header for SWF asset embeds, to fix 502 for some assets 2024-09-12 15:59:18 -07:00
bin Move some Ansible config out of scripts and into ansible.cfg 2024-09-06 12:16:26 -07:00
config Fix SassC::SyntaxError when compiling perfectly valid CSS files 2024-09-09 19:59:43 -07:00
db Make thumbnail_url a manually overridable field for Alt Styles 2024-06-15 17:35:12 -07:00
deploy Speed up deploys with Ansible's pipelining option 2024-09-06 12:22:28 -07:00
lib Add rails rainbow_pool:import task, to get clean image hashes for pets 2024-09-07 12:51:59 -07:00
public Add a cute Ghost Acara to the 404 page 2024-04-20 21:31:27 -07:00
test Save last trade activity time onto User 2024-01-19 00:00:46 -08:00
vendor Upgrade async and related gems, and fix async-http response handling 2024-09-07 12:14:12 -07:00
.eslintrc.json Set up eslint for wardrobe-2020 2023-11-02 18:11:07 -07:00
.gitignore Create rails public_data:commit task, to share public data dumps 2024-02-29 14:30:33 -08:00
.prettierignore Set Prettier default to tabs instead of spaces, run on all JS 2024-09-09 16:11:48 -07:00
.ruby-version Update Ruby to 3.3.4, and update gems 2024-08-27 17:06:22 -07:00
.solargraph.yml Add Solargraph autocomplete while in development 2024-07-01 15:35:39 -07:00
.yarnrc.yml Upgrade to Yarn 4.0.2 2024-01-14 23:05:53 -08:00
config.ru Upgrade to Rails 6.1.7.4 2023-10-23 19:05:07 -07:00
falcon.rb Remove supervisor from the Falcon process? 2024-01-24 00:20:23 -08:00
Gemfile Upgrade async and related gems, and fix async-http response handling 2024-09-07 12:14:12 -07:00
Gemfile.lock Upgrade async and related gems, and fix async-http response handling 2024-09-07 12:14:12 -07:00
LICENSE.md Update GitHub links to point to our self-hosted OpenNeo Code 2024-02-29 11:24:21 -08:00
package.json Set Prettier default to tabs instead of spaces, run on all JS 2024-09-09 16:11:48 -07:00
Procfile.dev Use local-only HTTPS certs for the development neopass-server 2024-03-14 18:01:54 -07:00
Rakefile Uninstall resque 2023-10-23 19:05:04 -07:00
README.md Oops, needs to be a README.md file! 2023-10-25 16:31:41 -07:00
yarn.lock Upgrade typescript-eslint dependencies 2024-05-06 15:08:37 -07:00

Dress to Impress beach logo

Dress to Impress

Oh! We've been revitalizing the Rails app! Fun!

There'll be more to say about it here soon :3