![](https://lemmy.world/pictrs/image/d32e2dc4-5ada-45fb-813e-a0fd4a6cdcfc.jpeg)
![](https://fry.gs/pictrs/image/c6832070-8625-4688-b9e5-5d519541e092.png)
Being connected online is advertising intrusion vectors to would-be nefarious actors
Being connected online is advertising intrusion vectors to would-be nefarious actors
A government-sponsored instance could be interesting, but I’m not sure what value it would bring. Also it would probably turn instantly into worse than Facebook with toxicity.
I didn’t think we would have ads so soon on Lemmy, lol
Putting Tumblr on ActivityPub could be interesting and potentially save it, but there’s so much deleted content from when it was in its prime that I’m not sure if it’s even worth it. The platform is so dead.
That said, giving taxpayer money to private social media businesses is the worst idea ever. In the first place, public money should mean public code.
Hey, that’s like an IPFS gateway
It works, thanks!
It would surprise me if that was the explanation since this can be easily fixed by Lemmy.world itself by not sending two Accept-Control-Allow-Origin
headers, thus breaking web clients.
Right now, I’m forced to route my own calls to my server on the app I’m making because Lemmy.world is misconfigured.
I guess that for instance below 0.18.1, it makes sense, since Lemmy had a bug at that point that didn’t allow web clients to connect.
It would help on other websites and on some in-app ads from mobile devices
I’m on Firefox, too. Can you try on a fresh profile?
Hi! I noticed an issue with the headers sent by Lemmy.world.
Headers sent from and to this website’s official UI look like this:
HTTP/1.1 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 07 Jul 2023 23:35:17 GMT
content-type: application/json
vary: accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: content-encoding, content-type, vary, Content-Length,Content-Range
X-Firefox-Spdy: h2
Which is fine. However, headers received by custom clients look like this:
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 07 Jul 2023 23:33:50 GMT
content-type: application/json
vary: accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-encoding: gzip
access-control-allow-origin: https://natoboram.github.io
access-control-expose-headers: content-encoding, access-control-allow-origin, content-type, vary
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
X-Firefox-Spdy: h2
There’s two access-control-allow-origin
! This still breaks web clients.
Oh wow, it actually works!
Try on another browser just to see
Kbin also turns all your upvotes into reblogs, so you’ll be spamming Mastodon users whenever you like posts
People will hate you regardless of what you do
It works so well, that’s very refreshing
Full post is visible from
lemmy.world
, too: https://lemmy.world/post/2064026