Dress to Impress, a big fancy Neopets customization tool!
Matchu
7ec900b6b6
Oh, I didn't realize the `_elem` variant of these parts of the `Content-Security-Policy` is newer, and so doesn't even work on my current version of Safari on my Mac. My rationale at the time was: `script_src_elem` is stricter against things like imports, and I figured, ok let's do the strictest policy that works. But since it's not fully compatible with browsers even *I'm* using right now, and I'm not aware of an actual problem it would prevent, let's back off that a bit! This should have the same effective security properties for our case. Note that the effect of this compatibility issue wasn't *weakening* the policy; it was being *too* strict, by blocking the scripts and the stylesheets. This is because `script_src_elem` was ignored, and `script_src` was absent, so it fell back to `default_src none`. |
||
|---|---|---|
| .devcontainer | ||
| .husky | ||
| app | ||
| bin | ||
| config | ||
| db | ||
| deploy | ||
| lib | ||
| public | ||
| test | ||
| vendor | ||
| .eslintrc.json | ||
| .gitignore | ||
| .ruby-version | ||
| .solargraph.yml | ||
| .yarnrc.yml | ||
| config.ru | ||
| falcon.rb | ||
| Gemfile | ||
| Gemfile.lock | ||
| LICENSE.md | ||
| package.json | ||
| Procfile.dev | ||
| Rakefile | ||
| README.md | ||
| yarn.lock | ||
Dress to Impress
Oh! We've been revitalizing the Rails app! Fun!
There'll be more to say about it here soon :3