Since http is still fucking up the display of submission images for me thanks to CSP I created a Greasemonkey script to fix for my browser

Submitted by nitori in programming (edited )

Pale Moon and Firefox ESR btw

For some reason Edge will happily display the submission image even if it's http and not https...

// ==UserScript==
// @name        Fix jstpst http CSP
// @namespace   mima.localghost.org
// @description Replaces every http with https to comply with CSP
// @author      u/nitori
// @include     https://jstpst.net/*
// @exclude     
// @version     1.2
// @grant       none
// @license     EFL-2.0
// ==/UserScript==
/*

  Eiffel Forum License, version 2

   1. Permission is hereby granted to use, copy, modify and/or
      distribute this package, provided that:
          * copyright notices are retained unchanged,
          * any distribution of this package, whether modified or not,
      includes this license text.
   2. Permission is hereby also granted to distribute binary programs
      which depend on this package. If the binary program depends on a
      modified version of this package, you are encouraged to publicly
      release the modified version of this package.

***********************

THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT WARRANTY. ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE TO ANY PARTY FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THIS PACKAGE.

***********************

*/
var links = document.getElementsByTagName("a");
var imgs = document.getElementsByTagName("img");
var stepl;
var stepi;
for (stepl = 0; stepl < links.length; stepl++) {
 if (links[stepl].protocol === "http:" && links[stepl].host === location.host) {
  links[stepl].protocol = "https:";
 }
}
for (stepi = 0; stepi < imgs.length; stepi++) {
 imgs[stepi].src = imgs[stepi].src.replace('http://jstpst.net/', '/');
 imgs[stepi].srcset = imgs[stepi].srcset.replace('http://jstpst.net/', '/');
}

EDIT: Forgot about srcset which means thumbnail is still broken at 2x size lol

4

Comments

You must log in or register to comment.

twovests wrote (edited )

my bad! i misread something earlier and thought this was fixed by someone else, i'll get to this soonish

4

emma wrote

i will put down the pitchfork, for now

to reiterate what i said on the worst chat app in existence, you gotta do the TRUSTED_PROXIES=172.16.0.0/12 thing. this will make postmill accept caddy's x-forwarded-proto: https header that i'm pretty sure it sends to the backend. there is no need to edit the templates, as someone else suggested.

4