From 687017ff8973cdc27ef86a895e846929dbd54b93 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Sun, 5 Dec 2021 03:32:32 -0500
Subject: [PATCH] use 1x1 GIF for placeholder image

---
 nginx/nginx.conf       |   8 ++++++++
 static/index.html      |   2 +-
 static/monitoring.js   |   4 ++--
 static/placeholder.gif | Bin 0 -> 43 bytes
 static/placeholder.png | Bin 119 -> 0 bytes
 5 files changed, 11 insertions(+), 3 deletions(-)
 create mode 100644 static/placeholder.gif
 delete mode 100644 static/placeholder.png

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index e7f125c4..635a2557 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -311,6 +311,14 @@ http {
             add_header Cache-Control "public, max-age=604800";
         }
 
+        location ~ "\.gif$" {
+            include snippets/security-headers.conf;
+            add_header Cross-Origin-Resource-Policy "same-origin" always;
+            add_header Cache-Control "public, max-age=31536000, immutable";
+            gzip_static off;
+            brotli_static off;
+        }
+
         location ~ "\.png$" {
             include snippets/security-headers.conf;
             # avoid breaking image hotlinking such as https://github.com/TryGhost/Ghost/issues/12880
diff --git a/static/index.html b/static/index.html
index 3afa5537..691858ec 100644
--- a/static/index.html
+++ b/static/index.html
@@ -90,7 +90,7 @@ <h1 id="device-integrity-monitoring">
                 <p>Subscribe a device to regularly submitting attestations to this account by pressing 'Enable remote verification' in the Auditor app menu and scanning the QR code for this account:</p>
                 <section id="pairing">
                     <h2><a href="#pairing">Pair devices</a></h2>
-                    <img id="qr" height="300" width="300" alt="" src="/placeholder.png"/>
+                    <img id="qr" height="300" width="300" alt="" src="/placeholder.gif"/>
                     <button id="rotate">Rotate device subscription key</button>
                 </section>
                 <form id="configuration">
diff --git a/static/monitoring.js b/static/monitoring.js
index 1dcee4b1..ac780d90 100644
--- a/static/monitoring.js
+++ b/static/monitoring.js
@@ -62,7 +62,7 @@ function toSecurityLevelString(value) {
 }
 
 function reloadQrCode() {
-    qr.src = "/placeholder.png";
+    qr.src = "/placeholder.gif";
     qr.alt = "";
     post("/api/account.png", localStorage.getItem("requestToken")).then(response => {
         if (!response.ok) {
@@ -456,7 +456,7 @@ for (const logoutButton of document.getElementsByClassName("logout")) {
             accountContent.hidden = true;
             username.innerText = null;
             configuration.reset();
-            qr.src = "/placeholder.png";
+            qr.src = "/placeholder.gif";
             qr.alt = "";
             loggedInButtons.hidden = true;
             logout.disabled = false;
diff --git a/static/placeholder.gif b/static/placeholder.gif
new file mode 100644
index 0000000000000000000000000000000000000000..95a5eff67588fe0d662e258e81f4b30c97669125
GIT binary patch
literal 43
scmZ?wbhEHbWMp7u_`tyM|Nnmm1_s5SEI^WhK?g*DWEhy3To@Uw0oMfwXaE2J

literal 0
HcmV?d00001

diff --git a/static/placeholder.png b/static/placeholder.png
deleted file mode 100644
index 09cc00422021d85b0bf1c46f4eeb6aa307d75695..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 119
zcmeAS@N?(olHy`uVBq!ia0y~yVAKI&MxX#gAlv2}K+4Y3#WAFU@$D%?pePH2!QabS
s4lFyiR|iV3%$&6hfo?5Eu;JoS%<dC?DpQV0-vOEE>FVdQ&MBb@0MKA4ga7~l