From ba87c1679e57ba28e91352b45574fab0141b0cbe Mon Sep 17 00:00:00 2001
From: Liam
Date: Sat, 27 Apr 2024 19:49:24 -0400
Subject: [PATCH 1/3] Further improve only_tag filtering
---
 .../controllers/profile/tag_change_controller.ex | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/lib/philomena_web/controllers/profile/tag_change_controller.ex b/lib/philomena_web/controllers/profile/tag_change_controller.ex
index 21524d4bf..6aaa4c3af 100644
--- a/lib/philomena_web/controllers/profile/tag_change_controller.ex
+++ b/lib/philomena_web/controllers/profile/tag_change_controller.ex
@@ -31,7 +31,7 @@ defmodule PhilomenaWeb.Profile.TagChangeController do
 # params.permit(:added, :only_tag) ... pagination_params = [added: conn.params["added"], only_tag: conn.params["only_tag"]]
- |> Keyword.filter(fn {k, _v} -> Map.has_key?(conn.params, "#{k}") end)
+ |> Keyword.filter(fn {_k, v} -> not is_nil(v) and v != "" end)
 render(conn, "index.html", title: "Tag Changes for User `#{user.name}'",
@@ -50,14 +50,16 @@ defmodule PhilomenaWeb.Profile.TagChangeController do
 defp added_filter(query, _params), do: query
- defp only_tag_join(query, %{"only_tag" => only_tag}) when only_tag != "",
- do: join(query, :inner, [tc], t in Tag, on: tc.tag_id == t.id)
+ defp only_tag_join(query, %{"only_tag" => only_tag})
+ when is_binary(only_tag) and only_tag != "",
+ do: join(query, :inner, [tc], t in Tag, on: tc.tag_id == t.id)
 defp only_tag_join(query, _params), do: query
- defp only_tag_filter(query, %{"only_tag" => only_tag}) when only_tag != "",
- do: where(query, [_, _, t], t.name == ^only_tag)
+ defp only_tag_filter(query, %{"only_tag" => only_tag})
+ when is_binary(only_tag) and only_tag != "",
+ do: where(query, [_, _, t], t.name == ^only_tag)
 defp only_tag_filter(query, _params), do: query
From b1a23292fabe675e243f7c2f3b59d358497b820a Mon Sep 17 00:00:00 2001
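Review bot: The new `Keyword.filter` predicate in the `@@ -31,7 +31,7 @@` hunk keeps every value that is not `nil` or `""`, while the query guards changed in the `@@ -50,14 +50,16 @@` hunk of the same commit only accept binaries. An `only_tag` parameter that arrives as a list or map is therefore skipped by the query but still carried in `pagination_params`, and presumably reaches whatever builds the pagination links from it. Using the same test in both places closes that gap: `|> Keyword.filter(fn {_k, v} -> is_binary(v) and v != "" end)`. The enclosing action starts and ends outside the hunk, so how `added` is validated cannot be seen here.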
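Review bot: In the `@@ -50,14 +50,16 @@` hunk, `only_tag_join/2` and `only_tag_filter/2` now spell out the same guard twice, and the positional binding `[_, _, t]` in the filter is only meaningful when the join clause matched the very same params. If the two guards ever drift apart, the `where` would refer to a different join or to none at all. A shared private guard keeps the two heads in lockstep, e.g. `defguardp is_tag_name(v) when is_binary(v) and v != ""`, used as `when is_tag_name(only_tag)` in both. A named binding (`as: :tag`) on the join would remove the positional dependency as well; the base query and its other joins are outside the hunk.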
From: liamwhite
Date: Sat, 27 Apr 2024 22:19:57 -0400
Subject: [PATCH 2/3] Whitespace tolerance (#237)
* Use flexbox for centering image blocks
* Fix tab display
* Make tag list wrappable and HTML whitespace tolerant
* Make header navigation HTML whitespace tolerant
---
 assets/css/common/_blocks.scss | 1 +
 assets/css/common/_header.scss | 5 +++++
 assets/css/views/_images.scss | 14 ++++----------
 assets/css/views/_tags.scss | 6 +++++-
 .../templates/layout/_header_navigation.html.slime | 2 +-
 5 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/assets/css/common/_blocks.scss b/assets/css/common/_blocks.scss
index 883302a8f..fbf2c7f79 100644
--- a/assets/css/common/_blocks.scss
+++ b/assets/css/common/_blocks.scss
@@ -124,6 +124,7 @@ a.block__header--single-item, .block__header a {
 .block__header--js-tabbed { @extend .block__header--light; background: transparent;
+ display: flex;
 border-bottom: $border; a {
diff --git a/assets/css/common/_header.scss b/assets/css/common/_header.scss
index e79e780a4..5b1598405 100644
--- a/assets/css/common/_header.scss
+++ b/assets/css/common/_header.scss
@@ -23,6 +23,11 @@
 padding-left: 6px; }
+.header__navigation {
+ display: flex;
+ flex-wrap: wrap;
+}
+
 a.header__link { display: inline-block; padding: 0 $header_spacing;
diff --git a/assets/css/views/_images.scss b/assets/css/views/_images.scss
index 76e1f74c8..c3a956bda 100644
--- a/assets/css/views/_images.scss
+++ b/assets/css/views/_images.scss
@@ -92,12 +92,6 @@ div.image-container {
 overflow: hidden; /* prevent .media-box__overlay from overflowing the container */ text-align: center;
- a::before {
- content: "";
- display: inline-block;
- height: 100%;
- vertical-align: middle;
- }
 img, video { vertical-align: middle;
@@ -105,12 +99,12 @@ div.image-container {
 max-height: 100%; } /* Make the link cover the whole container if the image is oblong */
- a {
+ a, picture, video {
 width: 100%; height: 100%;
- display: inline-block;
- text-align: center;
- vertical-align: middle;
+ display: inline-flex;
+ align-items: center;
+ justify-content: center;
 } }
diff --git a/assets/css/views/_tags.scss b/assets/css/views/_tags.scss
index 851507896..6626dda49 100644
--- a/assets/css/views/_tags.scss
+++ b/assets/css/views/_tags.scss
@@ -70,7 +70,11 @@
 .tag > span { padding: 5px; display: table-cell;
- white-space: pre;
+}
+
+.tag-list {
+ display: flex;
+ flex-wrap: wrap;
 } .tag a {
diff --git a/lib/philomena_web/templates/layout/_header_navigation.html.slime b/lib/philomena_web/templates/layout/_header_navigation.html.slime
index 034506f42..112b0c576 100644
--- a/lib/philomena_web/templates/layout/_header_navigation.html.slime
+++ b/lib/philomena_web/templates/layout/_header_navigation.html.slime
@@ -1,4 +1,4 @@
-.hide-mobile
+.hide-mobile.header__navigation
 .dropdown.header__dropdown a.header__link href="/images" | Images
From 77548057e8528a20701db5fd185ac1233d52414c Mon Sep 17 00:00:00 2001
From: liamwhite
Date: Sun, 28 Apr 2024 14:09:08 -0400
Subject: [PATCH 3/3] Relax CSP on development error pages (#238)
---
 config/runtime.exs | 6 ++++++
 .../plugs/content_security_policy_plug.ex | 10 +++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/config/runtime.exs b/config/runtime.exs
index 9cd91ed5b..3f911fa5f 100644
--- a/config/runtime.exs
+++ b/config/runtime.exs
@@ -134,10 +134,16 @@ if config_env() == :prod do
 url: [host: System.fetch_env!("APP_HOSTNAME"), scheme: "https", port: 443], secret_key_base: System.fetch_env!("SECRET_KEY_BASE"), server: not is_nil(System.get_env("START_ENDPOINT"))
+
+ # Do not relax CSP in production
+ config :philomena, csp_relaxed: false
 else # Don't send email in development config :philomena, Philomena.Mailer, adapter: Bamboo.LocalAdapter # Use this to debug slime templates # config :slime, :keep_lines, true
+
+ # Relax CSP rules in development and test servers
+ config :philomena, csp_relaxed: true
 end
diff --git a/lib/philomena_web/plugs/content_security_policy_plug.ex b/lib/philomena_web/plugs/content_security_policy_plug.ex
index 5a97a57d1..58a18ac2f 100644
--- a/lib/philomena_web/plugs/content_security_policy_plug.ex
+++ b/lib/philomena_web/plugs/content_security_policy_plug.ex
@@ -41,7 +41,13 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
 |> Enum.map(&cspify_element/1) |> Enum.join("; ")
- put_resp_header(conn, "content-security-policy", csp_value)
+ if conn.status == 500 and allow_relaxed_csp() do
+ # Allow Plug.Debugger to function in this case
+ delete_resp_header(conn, "content-security-policy")
+ else
+ # Enforce CSP otherwise
+ put_resp_header(conn, "content-security-policy", csp_value)
+ end
 end) end
@@ -69,4 +75,6 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
 Enum.join([key | value], " ") end
+
+ defp allow_relaxed_csp, do: Application.get_env(:philomena, :csp_relaxed, false)
 end
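Review bot: `csp_relaxed: true` is set in the `else` branch of `if config_env() == :prod`, so every environment other than `:prod` gets the relaxed policy, not only the development and test servers the comment names. A staging or preview build compiled under another environment name and reachable from outside would then serve its 500 pages without a CSP header. An explicit opt-in keeps unknown environments on the plug's `false` default: `config :philomena, csp_relaxed: config_env() in [:dev, :test]`. The `if` block opens above the hunk.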
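Review bot: In the `@@ -41,7 +41,13 @@` hunk of content_security_policy_plug.ex, the relaxed branch calls `delete_resp_header/2` for every response whose status is 500, not only for pages rendered by Plug.Debugger, and it drops the whole policy rather than the directives the debugger page needs. An application-rendered 500 page in a relaxed environment therefore goes out with no CSP at all. If the debugger only needs inline script and style, sending a loosened policy in that branch would keep the remaining directives in force; that requirement is not visible here and should be confirmed. Because the test environment is relaxed too, a test that sets `:csp_relaxed` to `false` and asserts the header on a 500 response would pin the production behaviour. The callback containing this code starts above the hunk.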
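Review bot: In the `@@ -69,4 +75,6 @@` hunk, `allow_relaxed_csp/0` returns whatever term is stored under `:csp_relaxed`, and the caller's `and` only requires its left operand to be a boolean. Any configured value other than `false` or `nil` relaxes the policy, for instance the string `"false"` if the setting is later fed from an environment variable. Comparing against `true` fails closed: `defp relaxed_csp_allowed?, do: Application.get_env(:philomena, :csp_relaxed, false) == true`. The `?` suffix follows the Elixir convention for predicates; the call site in the earlier hunk would need the same rename.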