Hey, that’s like an IPFS gateway
Hey, that’s like an IPFS gateway
Vain and counter-productive
We need content
It works, thanks!
It would surprise me if that was the explanation since this can be easily fixed by Lemmy.world itself by not sending two Accept-Control-Allow-Origin
headers, thus breaking web clients.
Right now, I’m forced to route my own calls to my server on the app I’m making because Lemmy.world is misconfigured.
I guess that for instance below 0.18.1, it makes sense, since Lemmy had a bug at that point that didn’t allow web clients to connect.
It would help on other websites and on some in-app ads from mobile devices
Hi! I noticed an issue with the headers sent by Lemmy.world.
Headers sent from and to this website’s official UI look like this:
HTTP/1.1 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 07 Jul 2023 23:35:17 GMT
content-type: application/json
vary: accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: content-encoding, content-type, vary, Content-Length,Content-Range
X-Firefox-Spdy: h2
Which is fine. However, headers received by custom clients look like this:
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 07 Jul 2023 23:33:50 GMT
content-type: application/json
vary: accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-encoding: gzip
access-control-allow-origin: https://natoboram.github.io
access-control-expose-headers: content-encoding, access-control-allow-origin, content-type, vary
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
X-Firefox-Spdy: h2
There’s two access-control-allow-origin
! This still breaks web clients.
Kbin also turns all your upvotes into reblogs, so you’ll be spamming Mastodon users whenever you like posts
It works so well, that’s very refreshing
Plus, navigating your blocked communities becomes slightly disturbing