![](https://lemmy.world/pictrs/image/d32e2dc4-5ada-45fb-813e-a0fd4a6cdcfc.jpeg)
![](https://lemmy.world/pictrs/image/ea4c7d39-bb1c-4f59-b46b-c795c3ee0536.jpeg)
You’re allowed to delete comments on Lemmy :)
(They’ll still be visible to third-party app users but that’s another topic, it should be fixed eventually)
You’re allowed to delete comments on Lemmy :)
(They’ll still be visible to third-party app users but that’s another topic, it should be fixed eventually)
Lots of posts where I disagreed at first, but I managed to find an understanding and, I guess, become a slightly better person.
One thing I fucking loved was when u/TotesMessenger snitched on their posts and it created drama. That was glorious, every time.
low-hanging fruits*
They only documented it when it came for a non-hateful subreddit and it had lots of upvotes and it wasn’t removed by moderators, except for r/teenagers.
Yeah, that culture is coming from the top, nothing much to do about that one sadly
It’s a different software, so no. Also I think Kbin doesn’t have an API
Hey, that’s like an IPFS gateway
It works, thanks!
It would surprise me if that was the explanation since this can be easily fixed by Lemmy.world itself by not sending two Accept-Control-Allow-Origin
headers, thus breaking web clients.
Right now, I’m forced to route my own calls to my server on the app I’m making because Lemmy.world is misconfigured.
I guess that for instance below 0.18.1, it makes sense, since Lemmy had a bug at that point that didn’t allow web clients to connect.
It would help on other websites and on some in-app ads from mobile devices
I’m on Firefox, too. Can you try on a fresh profile?
Hi! I noticed an issue with the headers sent by Lemmy.world.
Headers sent from and to this website’s official UI look like this:
HTTP/1.1 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 07 Jul 2023 23:35:17 GMT
content-type: application/json
vary: accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: content-encoding, content-type, vary, Content-Length,Content-Range
X-Firefox-Spdy: h2
Which is fine. However, headers received by custom clients look like this:
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 07 Jul 2023 23:33:50 GMT
content-type: application/json
vary: accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-encoding: gzip
access-control-allow-origin: https://natoboram.github.io
access-control-expose-headers: content-encoding, access-control-allow-origin, content-type, vary
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
X-Firefox-Spdy: h2
There’s two access-control-allow-origin
! This still breaks web clients.
Try on another browser just to see
It works so well, that’s very refreshing
Appropriately-rated comment.