Should Fediverse Web apps show remote content to unauthenticated users?
Uncategorized
19
Posts
7
Posters
5
Views
-
@evan To be clear, is 'it' in the above always the local browser as opposed to the server a.example (proxy-requesting on the unauthenticated user's behalf).
@virtuous_sloth the browser is loading a page on a.example that calls the API at b.example (either server-side or client-side, but much easier server-side) and formats the JSON response as HTML.
-
-
For example, you point your browser at a.example. You are not logged in.
You navigate to a list of a local user's followers at a.example/user1/followers .
If you click on a profile in that list, it loads a.example/remote/user2@b.example , a profile page for a remote user.
If you click on an image posted by that remote user, it loads a.example/remote/b.example/image/33 , showing the remote image and all comments on it.
If this is not an interesting question to you, feel free to skip it!
@evan Yes, depending on privacy settings of course. For public posts, absolutely yes
-
@evan Yes, depending on privacy settings of course. For public posts, absolutely yes
@fabio search and AI spiders?
-
@fabio search and AI spiders?
This post is deleted! -
@virtuous_sloth the browser is loading a page on a.example that calls the API at b.example (either server-side or client-side, but much easier server-side) and formats the JSON response as HTML.
@evan That is not as clear as you seem to think.
When you say "the browser is loading a page on a.example" I think you really mean "the browser is loading a page *from* a.example". When you say "that calls the API at b.example" what I think you really mean is "the browser that has loaded the page from a.example which includes javascript code then runs that code which, in the browser, makes an HTTP connection to the b.example website, using the web API there to get some data. That data is ...
-
@evan That is not as clear as you seem to think.
When you say "the browser is loading a page on a.example" I think you really mean "the browser is loading a page *from* a.example". When you say "that calls the API at b.example" what I think you really mean is "the browser that has loaded the page from a.example which includes javascript code then runs that code which, in the browser, makes an HTTP connection to the b.example website, using the web API there to get some data. That data is ...
@evan either HTML representation of the information requested (in the case of server-side, which means server-side production of HTML which is then rendered in the browser, possibly as a subsection of the loaded page from a.example) or is simply data which is then received by the javascript in the browser that is then rendered into HTML by the javascript (in the case of client side), perhaps directly modifying the DOM of the page in the browser.
Maybe. I think developers think they are being...
-
@evan either HTML representation of the information requested (in the case of server-side, which means server-side production of HTML which is then rendered in the browser, possibly as a subsection of the loaded page from a.example) or is simply data which is then received by the javascript in the browser that is then rendered into HTML by the javascript (in the case of client side), perhaps directly modifying the DOM of the page in the browser.
Maybe. I think developers think they are being...
@evan clear when they are really relying on the reader to have developer-level understanding of all the moving parts that are hinted at by plain English words that do not mean the loaded information without explicit knowledge by the reader.
I'm not a developer, have a very good understanding of where code can run in what contexts on multiple servers with data flowing between them, which is how I guess at the above, but do not know enough details to be sure.
-
@evan clear when they are really relying on the reader to have developer-level understanding of all the moving parts that are hinted at by plain English words that do not mean the loaded information without explicit knowledge by the reader.
I'm not a developer, have a very good understanding of where code can run in what contexts on multiple servers with data flowing between them, which is how I guess at the above, but do not know enough details to be sure.
@evan And yes, I know that any communication would be tortuous if you had to assume nothing of your reader.
I suppose that is why I do appreciate it when you qualify your surveys with, for example, "Full-stack developers only".
-
@evan And yes, I know that any communication would be tortuous if you had to assume nothing of your reader.
I suppose that is why I do appreciate it when you qualify your surveys with, for example, "Full-stack developers only".
@evan To be more explicit, I think I understood your explanatory reply to your original survey but wanted clarification that the repeated word "it" was referring to the user's browser, or perhaps "the user's browser running javascript loaded in the page fromm a.example".
Your first sentence response to my question seemed to confirm this. But then your followup about server-side or client-side made me wonder if my contra-example of a.example proxying interaction with b.example was correct.
-
@evan To be more explicit, I think I understood your explanatory reply to your original survey but wanted clarification that the repeated word "it" was referring to the user's browser, or perhaps "the user's browser running javascript loaded in the page fromm a.example".
Your first sentence response to my question seemed to confirm this. But then your followup about server-side or client-side made me wonder if my contra-example of a.example proxying interaction with b.example was correct.
@virtuous_sloth It's usually correct. A lot of Fediverse servers use CORS or authenticated fetch to prevent loading the data directly into the browser. I feel like you're getting very particular about how it's implemented, which is fine. If that's important to you, express why and how it affects your answer in a reply.
-
undefined evan@cosocial.ca shared this topic
-
@evan
Yes, but...- only when the original posts are public or quiet-public.
- with appropriate protections against "ai" scrapers and whatever other prevailing threats of the day.
Gli ultimi otto messaggi ricevuti dalla Federazione
-
This post did not contain any content.
-
@storiespettinate mitica. Bellissimo. Grazie
-
Chiapas: “un quirofano en la selva lacandona”. via al progetto solidale per una struttura sanitaria autonoma zapatista
@anarchia
30 anni fa, il 16 febbraio 1996, l’EZLN – l’Esercito zapatista di liberazione nazionale, in Chiapas – e l’allora Governo messicano (guidato dal presidente Ernesto Zedillo) firmavano gli Accordi di
-
“Reflect Orbital … plans to deploy satellites fitted with in-space mirrors to beam reflected sunlight back to Earth at night. Marketed as “sunlight on demand,” the company says the system could extend daylight for solar farms…”
Gah. That is the stupidest idea 😫🔥
-
immagine: Salvatore Ferragamo, Foulard in crêpe de chine collezione autunno/inverno 1988-1989
Fulvia Ferragamo the Lady of silk.
Fulvia Ferragamo, daughter of Salvatore and Wanda, who died at the age of 68 in 2018, created the legendary scarves for the family business which today still represent a metonym for the allure of the family business: colourful, extremely elegant ... https://cctm.website/fulvia-ferragamo-la-signora-della-seta-2/
-
@FraEmme ho visto che hanno risposto con tante opzioni valide sotto a questo post. Io al momento sto facendo pratica con un amico che ripara vecchie console e vecchie TV a tubo catodico. È un inizio.
-
@maza dai capelli direi che è una osservatrice comica....
-
@andrewcoleman @FraEmme grazie! 💜
