I’ve never really used a mobile web app before but I’m very curious to see what the dev can do with it and what the limits might be. So far it’s been great! Not being on the App Store means faster updates. If something breaks the dev can fix it much quicker. It’s also fully cross platform. You can also install it on any device regardless of Android/iPhone and have the same experience.
Right, what I meant is you are hosting it on nginx as norgur.com/wefwef instead of wefwef.norgur.com. I have mine hosted as a subdomain.
What does your nginx code block look like?
That is odd. When I navigate there I get a 502 error. I’m self hosting as well with no issues but mine is on a subdomain and not a sub folder. Maybe that is it?
Same, this will over all hurt the economy on the long run.
Active shows me posts from 2-3 days ago. Fairly useless unless you only check Lemmy like once every few days or once a week.
Yes top hour or top 6 hours from 0.18 would be amazing to have!
Thank you for all the work you do on this app! ❤️
Because instances defederate with each other. For instance Lemmy.world and beehaw.org defederated with each other. There is also the chance that the instance you are on might go under or close which means you would lose your account. So it’s not a bad idea to have multiple accounts on different instances.
Also, when one instance is overwhelmed or down for maintenance you can browse another.
I had this issue and I used this command and it worked.
docker run --rm -it -p 5314:5314 ghcr.io/aeharding/wefwef:latest
Yes. Whoever is hosting the app is acting as a proxy for everyone that is using that hosted version. If 1,000 people are using wefwef.app it is acting as a proxy for 1,000 people and could be rate limited by the Lemmy instance. If you are hosting your own wefwef then it’s just you connecting to the Lemmy instance.
Right now, every request passes through wefwef.app and on to the Lemmy instance (it’s acting as a proxy). From my understanding this is due to a lack of CORS support but that will be fixed in a future Lemmy update.
There is also the privacy/security issue since your session token and what you are browsing on Lemmy passes through this same proxy. Which also will be fixed with CORS support.
If you setup your own self hosted instance you don’t need to worry about these issues.
This is the docker file.
I just followed his instructions on his GitHub and did a docker pull and then docker run.
I just setup my own self hosted with docker so that is at least one less user hammering the site. :)
Does this mean that theoretically you could capture a user's session token or credentials? Since they are passing through your proxy server and not directly going to a Lemmy instance for auth.
Edit: By the way, love the app. It is by far the best for browsing Lemmy. I love the Apollo feel to it.
Edit 2: I saw your comment on Github and I think the answer to my question is "yes, it is theoretically possible to steal the users session token." I would also assume this security/privacy risk would exist for ALL Lemmy apps where you login.
To be clear, I am building a web client for Lemmy called wefwef. https://github.com/aeharding/wefwef/ Currently, I have to proxy all requests to an intermediary server I control. This is not just extra work, but has security and privacy ramifications. So please, check out how Mastodon does it (you can inspect requests with Elk) and check out how it can directly connect to any Mastodon server, since they all allow CORS *. TLDR I think it's actually more secure to have CORS * for all Lemmy instances, because it allows 3rd party web clients to directly connect to a Lemmy instance.
Edit 3 (last and final): I am self hosting with docker now. At least until CORS * is implemented. I think this is the best solution for now.
Sounds like the session token and credentials pass through wefwef servers but aren't stored locally so theoretically they (the dev or wefwef server owner) could capture that info, correct?
What is the security risk of using wefwef.app?
See title. When logging into wefwef.app, does the dev have access to my account credentials or session tokens? Should we all self host our own?
How is that possible when the app has a 4.8 rating?
It's what Digg and Slashdot used to be and Reddit at one time as well. Where there was genuine user interaction. I'm sure Lemmy will also end up the way of the others as well. It's why I enjoyed Reddit in the smaller subs.