From 4a0b955bb4ba1ce25ebadbe3e4e3c6ddbb99d915 Mon Sep 17 00:00:00 2001
From: cay <cay@joksch.ch>
Date: Thu, 9 Apr 2026 18:34:39 +0100
Subject: [PATCH] eqrheqr

---
 app.js                    | 11 +++--------
 views/1v1-battlefield.ejs | 15 ++++++++-------
 2 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/app.js b/app.js
index e6279c5..be9aa37 100644
--- a/app.js
+++ b/app.js
@@ -61,8 +61,9 @@ app.use(
         scriptSrcAttr: ["'unsafe-inline'"],
         styleSrc: ["'self'", "'unsafe-inline'", "https://fonts.googleapis.com"],
         fontSrc: ["'self'", "https://fonts.gstatic.com"],
-        imgSrc: ["'self'", "data:"],
+        imgSrc: ["'self'", "data:", "blob:"],
         connectSrc: ["'self'", "ws:", "wss:"],
+        frameAncestors: ["'self'"],  // Erlaubt iframe von eigener Domain
       },
     },
   }),
@@ -104,13 +105,7 @@ app.set("views", path.join(__dirname, "views"));
 
 app.use(express.json());
 app.use(express.urlencoded({ extended: true }));
-app.use(express.static(path.join(__dirname, "public"), {
-  etag: false,
-  lastModified: false,
-  setHeaders: (res) => {
-    res.setHeader("Cache-Control", "no-store");
-  }
-}));
+app.use(express.static(path.join(__dirname, "public")));
 
 /* ========================
    Login Middleware
diff --git a/views/1v1-battlefield.ejs b/views/1v1-battlefield.ejs
index 05bc6eb..19e9d98 100644
--- a/views/1v1-battlefield.ejs
+++ b/views/1v1-battlefield.ejs
@@ -197,7 +197,7 @@
           const s = document.createElement("div");
           s.className = "card-slot";
           if (id === "row1" && i === 1) {
-            s.innerHTML = `<img src="/images/playcards/Silberklinge.png" style="width:100%;height:100%;object-fit:cover;border-radius:7px;">`;
+            s.innerHTML = `<img src="/images/cards/Silberklinge.png" style="width:100%;height:100%;object-fit:cover;border-radius:7px;">`;
           } else {
             s.innerHTML = '<span class="slot-icon">✦</span><span class="slot-num">' + i + "</span>";
           }
@@ -214,10 +214,10 @@
       deckSlot.title = "Dein Deck";
       deckSlot.innerHTML = `
         <div class="deck-stack-wrap">
-          <img class="deck-card-back deck-shadow-3" src="/images/playcards/rueckseite.png">
-          <img class="deck-card-back deck-shadow-2" src="/images/playcards/rueckseite.png">
-          <img class="deck-card-back deck-shadow-1" src="/images/playcards/rueckseite.png">
-          <img class="deck-card-top"                src="/images/playcards/rueckseite.png">
+          <img class="deck-card-back deck-shadow-3" src="/images/cards/rueckseite.png">
+          <img class="deck-card-back deck-shadow-2" src="/images/cards/rueckseite.png">
+          <img class="deck-card-back deck-shadow-1" src="/images/cards/rueckseite.png">
+          <img class="deck-card-top"                src="/images/cards/rueckseite.png">
         </div>
         <span class="deck-count" id="deck-count">—</span>`;
       hand.appendChild(deckSlot);
@@ -228,7 +228,7 @@
         const s = document.createElement("div");
         s.className = "hand-slot hand-slot-card";
         s.id = id;
-        s.innerHTML = `<img src="/images/playcards/Silberklinge.png"
+        s.innerHTML = `<img src="/images/cards/Silberklinge.png"
           style="width:100%;height:100%;object-fit:cover;border-radius:7px;">`;
         hand.appendChild(s);
       });
@@ -268,7 +268,8 @@
             const slot = document.getElementById(id);
             if (!slot || !card) return;
             slot.innerHTML = card.image
-              ? `<img src="/images/playcards/${card.image}"
+              ? `<img src="/images/cards/${card.image}"
+                   onerror="this.src='/images/cards/rueckseite.png'"
                    title="${card.name}"
                    style="width:100%;height:100%;object-fit:cover;border-radius:7px;">`
               : `<div style="display:flex;flex-direction:column;align-items:center;