Merge remote-tracking branch 'upstream/master'

derpibooru · Apr 29, 2024 · 887535b · 887535b
2 parents a56f7fb + 7754805
commit 887535b
Show file tree

Hide file tree

Showing 8 changed files with 38 additions and 18 deletions.
diff --git a/assets/css/common/_blocks.scss b/assets/css/common/_blocks.scss
@@ -124,6 +124,7 @@ a.block__header--single-item, .block__header a {
 .block__header--js-tabbed {
   @extend .block__header--light;
   background: transparent;
+  display: flex;
 
   border-bottom: $border;
   a {

diff --git a/assets/css/common/_header.scss b/assets/css/common/_header.scss
@@ -23,6 +23,11 @@
   padding-left: 6px;
 }
 
+.header__navigation {
+  display: flex;
+  flex-wrap: wrap;
+}
+
 a.header__link {
   display: inline-block;
   padding: 0 $header_spacing;

diff --git a/assets/css/views/_images.scss b/assets/css/views/_images.scss
@@ -92,25 +92,19 @@ div.image-container {
   overflow: hidden;
   /* prevent .media-box__overlay from overflowing the container */
   text-align: center;
-  a::before {
-    content: "";
-    display: inline-block;
-    height: 100%;
-    vertical-align: middle;
-  }
   img,
   video {
     vertical-align: middle;
     max-width: 100%;
     max-height: 100%;
   }
   /* Make the link cover the whole container if the image is oblong */
-  a {
+  a, picture, video {
     width: 100%;
     height: 100%;
-    display: inline-block;
-    text-align: center;
-    vertical-align: middle;
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
   }
 }
 

diff --git a/assets/css/views/_tags.scss b/assets/css/views/_tags.scss
@@ -70,7 +70,11 @@
 .tag > span {
   padding: 5px;
   display: table-cell;
-  white-space: pre;
+}
+
+.tag-list {
+  display: flex;
+  flex-wrap: wrap;
 }
 
 .tag a {

diff --git a/config/runtime.exs b/config/runtime.exs
@@ -134,10 +134,16 @@ if config_env() == :prod do
     url: [host: System.fetch_env!("APP_HOSTNAME"), scheme: "https", port: 443],
     secret_key_base: System.fetch_env!("SECRET_KEY_BASE"),
     server: not is_nil(System.get_env("START_ENDPOINT"))
+
+  # Do not relax CSP in production
+  config :philomena, csp_relaxed: false
 else
   # Don't send email in development
   config :philomena, Philomena.Mailer, adapter: Bamboo.LocalAdapter
 
   # Use this to debug slime templates
   # config :slime, :keep_lines, true
+
+  # Relax CSP rules in development and test servers
+  config :philomena, csp_relaxed: true
 end
diff --git a/lib/philomena_web/controllers/profile/tag_change_controller.ex b/lib/philomena_web/controllers/profile/tag_change_controller.ex
@@ -31,7 +31,7 @@ defmodule PhilomenaWeb.Profile.TagChangeController do
     # params.permit(:added, :only_tag) ...
     pagination_params =
       [added: conn.params["added"], only_tag: conn.params["only_tag"]]
-      |> Keyword.filter(fn {k, _v} -> Map.has_key?(conn.params, "#{k}") end)
+      |> Keyword.filter(fn {_k, v} -> not is_nil(v) and v != "" end)
 
     render(conn, "index.html",
       title: "Tag Changes for User `#{user.name}'",
@@ -50,14 +50,16 @@ defmodule PhilomenaWeb.Profile.TagChangeController do
   defp added_filter(query, _params),
     do: query
 
-  defp only_tag_join(query, %{"only_tag" => only_tag}) when only_tag != "",
-    do: join(query, :inner, [tc], t in Tag, on: tc.tag_id == t.id)
+  defp only_tag_join(query, %{"only_tag" => only_tag})
+       when is_binary(only_tag) and only_tag != "",
+       do: join(query, :inner, [tc], t in Tag, on: tc.tag_id == t.id)
 
   defp only_tag_join(query, _params),
     do: query
 
-  defp only_tag_filter(query, %{"only_tag" => only_tag}) when only_tag != "",
-    do: where(query, [_, _, t], t.name == ^only_tag)
+  defp only_tag_filter(query, %{"only_tag" => only_tag})
+       when is_binary(only_tag) and only_tag != "",
+       do: where(query, [_, _, t], t.name == ^only_tag)
 
   defp only_tag_filter(query, _params),
     do: query

diff --git a/lib/philomena_web/plugs/content_security_policy_plug.ex b/lib/philomena_web/plugs/content_security_policy_plug.ex
@@ -41,7 +41,13 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
         |> Enum.map(&cspify_element/1)
         |> Enum.join("; ")
 
-      put_resp_header(conn, "content-security-policy", csp_value)
+      if conn.status == 500 and allow_relaxed_csp() do
+        # Allow Plug.Debugger to function in this case
+        delete_resp_header(conn, "content-security-policy")
+      else
+        # Enforce CSP otherwise
+        put_resp_header(conn, "content-security-policy", csp_value)
+      end
     end)
   end
 
@@ -69,4 +75,6 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
 
     Enum.join([key | value], " ")
   end
+
+  defp allow_relaxed_csp, do: Application.get_env(:philomena, :csp_relaxed, false)
 end
diff --git a/lib/philomena_web/templates/layout/_header_navigation.html.slime b/lib/philomena_web/templates/layout/_header_navigation.html.slime
@@ -1,4 +1,4 @@
-.hide-mobile
+.hide-mobile.header__navigation
   .dropdown.header__dropdown
     a.header__link href="/images"
       | Images