Phaser3, VPS, Content-Security-Policy

When I came back from skiing in Flims, the lockdown was about to start again. In order to finish the card games that we started back there, I was looking for the game on app store or any websites. I found none with a quick search, so I thought, why not try to program a one myself?

A quick google returned me with Phaser3 and an available framework for a card game. Following the instructions and some quick stackoverflow searches, I was able to setup some basic functionalities. The game flow of course is very buggy, you have to enter by the pre-defined order, you were able to play empty cards and the server can’t determine the winner in each round so that it can automatically count scores.

In order to publish the game, I also had to change the server type. I had a plesk web hosting from hosttech, which was ready to use and dummy ready. You had wordpress pre-installed and the settings were more or less done for you. You just click some tools together and ready you go. For Phaser3 games, I needed to serve the client files and listen to the server logic on node.js. After a quick search, I switched to a new VPS provider which is even less expensive than the previous plesk hosting. Some quick installs later, I was ready to run the game.

With new setup, comes new problems. I wanted to make sure that things are running securely, at least on obvious aspects. After the wordpress migration, I setup https and ran a quick scan. Content Security Policy headers apparently needed to be set to prevent some x-site scripting stuff so I just blindly went with the first tutorials. Now wordpress has a lot of different plugins, includes and inline scripts which are potentially not safe. Therefore, the editor is broken, the galleries are gone and here we are. I can’t add new images and even drafting in javascript mode did not work. What to do, what to do. After some intense weeks together with work, AZ-500 (luckily passed barely above threshold), I will just leave the site quickly as it is. Maybe it would require a fresh install of wordpress, or maybe I need another more “clean” CMS for the “blog”.

I guess as long as there is no fancy posts coming up, I am not rushing to fix this anytime soon. Next post up I think will be a easy AZ-500 comment, just to justify all the time I spent on this, so that I want to keep something that I can remember of and try to optimize this post with SEP and see if potentially more clicks would come in. (Do I really want that?)