Most people do
Most people do
Hey, that’s like an IPFS gateway
It works, thanks!
It would surprise me if that was the explanation since this can be easily fixed by Lemmy.world itself by not sending two Accept-Control-Allow-Origin
headers, thus breaking web clients.
Right now, I’m forced to route my own calls to my server on the app I’m making because Lemmy.world is misconfigured.
I guess that for instance below 0.18.1, it makes sense, since Lemmy had a bug at that point that didn’t allow web clients to connect.
It would help on other websites and on some in-app ads from mobile devices
I’m on Firefox, too. Can you try on a fresh profile?
Obscurity mode
You should try pnpm
, it solves that issue!
Hi! I noticed an issue with the headers sent by Lemmy.world.
Headers sent from and to this website’s official UI look like this:
HTTP/1.1 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 07 Jul 2023 23:35:17 GMT
content-type: application/json
vary: accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: content-encoding, content-type, vary, Content-Length,Content-Range
X-Firefox-Spdy: h2
Which is fine. However, headers received by custom clients look like this:
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 07 Jul 2023 23:33:50 GMT
content-type: application/json
vary: accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-encoding: gzip
access-control-allow-origin: https://natoboram.github.io
access-control-expose-headers: content-encoding, access-control-allow-origin, content-type, vary
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
X-Firefox-Spdy: h2
There’s two access-control-allow-origin
! This still breaks web clients.
Oh wow, it actually works!
Try on another browser just to see
Kbin also turns all your upvotes into reblogs, so you’ll be spamming Mastodon users whenever you like posts
People will hate you regardless of what you do
It works so well, that’s very refreshing
Full post is visible from
lemmy.world
, too: https://lemmy.world/post/2064026