dice/impress
1
0
Fork 0
forked from OpenNeo/impress
Code Pull requests Activity
impress/app/controllers
History
Matchu 7ec900b6b6 Use {script,style}_src instead of _elem, for better compatibility 
Oh, I didn't realize the `_elem` variant of these parts of the
`Content-Security-Policy` is newer, and so doesn't even work on my
current version of Safari on my Mac.

My rationale at the time was: `script_src_elem` is stricter against
things like imports, and I figured, ok let's do the strictest policy
that works. But since it's not fully compatible with browsers even
*I'm* using right now, and I'm not aware of an actual problem it would
prevent, let's back off that a bit! This should have the same effective
security properties for our case.

Note that the effect of this compatibility issue wasn't *weakening* the
policy; it was being *too* strict, by blocking the scripts and the
stylesheets. This is because `script_src_elem` was ignored, and
`script_src` was absent, so it fell back to `default_src none`.
2024-07-06 12:52:00 -07:00
..
devise Connect a NeoPass to an existing account 2024-04-08 05:33:58 -07:00
fundraising Move most fundraising files into a Fundraising module 2024-02-18 20:12:14 -08:00
about_controller.rb Add first draft of /about/neopass page 2024-03-12 17:58:44 -07:00
alt_styles_controller.rb Read known_glitches when loading alt styles SWF assets 2024-02-24 16:31:05 -08:00
application_controller.rb Add shadowban mechanism for closet lists 2024-04-20 20:57:15 -07:00
auth_users_controller.rb Fix bugs in Settings page when changes to the model are incomplete 2024-04-09 06:34:06 -07:00
closet_hangers_controller.rb Add shadowban mechanism for closet lists 2024-04-20 20:57:15 -07:00
closet_lists_controller.rb Disallow email addresses in closet list descriptions 2024-04-16 17:04:31 -07:00
contributions_controller.rb Migrate away from item translations in contributions 2024-02-20 15:52:10 -08:00
item_appearances_controller.rb Load item page restricted zones data from Rails app, not impress-2020 2023-11-11 08:49:19 -08:00
item_trades_controller.rb Oops, load the data for the bulk item quantity form on the trades page! 2024-01-21 06:42:24 -08:00
items_controller.rb Track preferred color/species for new item page previews 2024-07-01 17:38:31 -07:00
locales_controller.rb locale cookie should be long-term, not a session cookie 2013-01-24 18:24:33 -06:00
neopass_connections_controller.rb Use Neopets username as base name for new NeoPass accounts, if possible 2024-04-09 07:48:13 -07:00
neopets_connections_controller.rb closet hangers index uses neopets connections dropdown 2014-01-18 22:50:14 -06:00
neopets_page_import_tasks_controller.rb Fix petpage etc import 2023-11-06 12:59:28 -08:00
outfits_controller.rb Tweak NeoPass beta copy and widen the net again 2024-04-11 11:40:16 -07:00
pet_types_controller.rb Remove unused /colors/pet_types route 2024-02-24 15:51:40 -08:00
pets_controller.rb Migrate away from item translations in misc pages 2024-02-20 15:53:56 -08:00
sitemap_controller.rb Migrate away from item translations in misc pages 2024-02-20 15:53:56 -08:00
swf_assets_controller.rb Use {script,style}_src instead of _elem, for better compatibility 2024-07-06 12:52:00 -07:00
users_controller.rb Use flash[:notice] instead of flash[:success] 2023-10-23 19:05:07 -07:00