Nato Boram

Nato Boram@lemmy.world · 1 year ago

Plus, navigating your blocked communities becomes slightly disturbing

Nato Boram@lemmy.world · 1 year ago

Hey, that’s like an IPFS gateway

Nato Boram@lemmy.world · 1 year ago

Vain and counter-productive

We need content

Nato Boram@lemmy.world · 1 year ago

It works, thanks!

Nato Boram@lemmy.world · 1 year ago

It would surprise me if that was the explanation since this can be easily fixed by Lemmy.world itself by not sending two Accept-Control-Allow-Origin headers, thus breaking web clients.

Right now, I’m forced to route my own calls to my server on the app I’m making because Lemmy.world is misconfigured.

I guess that for instance below 0.18.1, it makes sense, since Lemmy had a bug at that point that didn’t allow web clients to connect.

Nato Boram@lemmy.world · 1 year ago

It would help on other websites and on some in-app ads from mobile devices

Nato Boram@lemmy.world · 1 year ago

Hi! I noticed an issue with the headers sent by Lemmy.world.

Headers sent from and to this website’s official UI look like this:

HTTP/1.1 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 07 Jul 2023 23:35:17 GMT
content-type: application/json
vary: accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: content-encoding, content-type, vary, Content-Length,Content-Range
X-Firefox-Spdy: h2

Which is fine. However, headers received by custom clients look like this:

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 07 Jul 2023 23:33:50 GMT
content-type: application/json
vary: accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-encoding: gzip
access-control-allow-origin: https://natoboram.github.io
access-control-expose-headers: content-encoding, access-control-allow-origin, content-type, vary
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
X-Firefox-Spdy: h2

There’s two access-control-allow-origin! This still breaks web clients.

Nato Boram@lemmy.world · 1 year ago

Kbin also turns all your upvotes into reblogs, so you’ll be spamming Mastodon users whenever you like posts

Nato Boram@lemmy.world · 1 year ago

It works so well, that’s very refreshing