Closed blade10101 closed 2 months ago
Domain not detected in the title, please edit the title by correcting it like this:
Issue title example: [New instance] https://myinstance.com
Hello! Your instance has been added to our monitoring system:
You need to wait 30 days before we add your instance, this is to evaluate that your instance will keep a good uptime for one month.
Make sure you double checked all the mandatory checks or this will slow down the process of adding your instance!
Please consult these two important tutorials:
Escaping the YouTube block (403 errors in playback): https://docs.invidious.io/ipv6-rotator/
Improving the performance and the stability of your public instance: https://docs.invidious.io/improve-public-instance/
It is highly recommended to follow these tutorials because it will allow the instance to stay stable and performant over the long term.
When your instance is added to the instances list, please consider joining the Matrix room for public instance maintainers by joining our Matrix room: https://matrix.to/#/#invidious:matrix.org and pinging @ unixfox, @ TheFrenchGhosty and @ SamantazFox to ask to be invited to it. We discuss troubles managing a public instance, we share some advices, we warn you in advance of potential security issues and more.
@blade10101 Thanks for submitting your instance. However, you need to address the following before it can be added after the 30 day wait for uptime:
<script>
(function () {
if (!document.body) return;
var js =
"window['__CF$cv$params']={r:'8779e91e2feb5d21',t:'MTcxMzY2NjE5MS43NDcwMDA='};_cpo=document.createElement('script');_cpo.nonce='',_cpo.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js',document.getElementsByTagName('head')[0].appendChild(_cpo);";
var _0xh = document.createElement("iframe");
_0xh.height = 1;
_0xh.width = 1;
_0xh.style.position = "absolute";
_0xh.style.top = 0;
_0xh.style.left = 0;
_0xh.style.border = "none";
_0xh.style.visibility = "hidden";
document.body.appendChild(_0xh);
function handler() {
var _0xi = _0xh.contentDocument || _0xh.contentWindow.document;
if (_0xi) {
var _0xj = _0xi.createElement("script");
_0xj.innerHTML = js;
_0xi.getElementsByTagName("head")[0].appendChild(_0xj);
}
}
if (document.readyState !== "loading") {
handler();
} else if (window.addEventListener) {
document.addEventListener("DOMContentLoaded", handler);
} else {
var prev = document.onreadystatechange || function () {};
document.onreadystatechange = function (e) {
prev(e);
if (document.readyState !== "loading") {
document.onreadystatechange = prev;
handler();
}
};
}
})();
</script>
X-XSS-Protection
header, since it's been deprecated for a while now and no modern browser supports it.I addressed the issues, or I believe I have :)
Apr 20, 2024 10:34:27 PM perennial @.***>:
@blade10101[https://github.com/blade10101] Thanks for submitting your instance. However, you need to address the following before it can be added after the 30 day wait for uptime:
- Please disable Cloudflare JavaScript detections[https://developers.cloudflare.com/bots/reference/javascript-detections] on your instance.
- As the GitHub bot mentioned, make sure that you've followed https://docs.invidious.io/ipv6-rotator/ and https://docs.invidious.io/improve-public-instance/.
- While it's not required, consider removing the X-XSS-Protection[https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection] header, since it's been deprecated for a while now and no modern browser supports it.
— Reply to this email directly, view it on GitHub[https://github.com/iv-org/documentation/issues/537#issuecomment-2067866769], or unsubscribe[https://github.com/notifications/unsubscribe-auth/BDMGWPHBLJBOLYUO7EARHW3Y6MQTDAVCNFSM6AAAAABGL6N3YWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANRXHA3DMNZWHE]. You are receiving this because you were mentioned. [Tracking image][https://github.com/notifications/beacon/BDMGWPEFRIOTFYNPUOT65LLY6MQTDA5CNFSM6AAAAABGL6N3YWWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTT3IESJC.gif]
@blade10101 Your instance looks good now, but just a heads up that you're actually setting the X-XSS-Protection
header twice, rather than removing it entirely.
If you're using nginx, consider using the more_clear_headers
directive from the ngx_headers_more
module to properly remove the header.
From what I gather, I have to recompile nginx outside of docker? Because I set the header as 0 so it didn't have it set.
Apr 21, 2024 10:07:05 PM perennial @.***>:
@blade10101[https://github.com/blade10101] Your instance looks good now, but just a heads up that you're actually setting the X-XSS-Protection header twice, rather than removing it entirely.
If you're using nginx, consider using the more_clear_headers[https://github.com/openresty/headers-more-nginx-module#more_clear_headers] directive from the ngx_headers_more[https://github.com/openresty/headers-more-nginx-module] module to properly remove the header.
— Reply to this email directly, view it on GitHub[https://github.com/iv-org/documentation/issues/537#issuecomment-2068357920], or unsubscribe[https://github.com/notifications/unsubscribe-auth/BDMGWPBMWI5UMLVOIUWMBVDY6RWEJAVCNFSM6AAAAABGL6N3YWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANRYGM2TOOJSGA]. You are receiving this because you were mentioned. [Tracking image][https://github.com/notifications/beacon/BDMGWPBT2DYZRWARLV2XHK3Y6RWEJA5CNFSM6AAAAABGL6N3YWWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTT3JCRSA.gif]
You don't need to do anything with the header. Please remove any modification that you are doing for the header X-XSS-Protection on your nginx. Thank you.
I did that this morning.
Apr 22, 2024 8:50:50 AM Émilien (perso) @.***>:
You don't need to do anything with the header. Please remove any modification that you are doing for the header X-XSS-Protection on your nginx. Thank you.
— Reply to this email directly, view it on GitHub[https://github.com/iv-org/documentation/issues/537#issuecomment-2069316966], or unsubscribe[https://github.com/notifications/unsubscribe-auth/BDMGWPFFJ2DIEW34FJLPPDDY6UBSPAVCNFSM6AAAAABGL6N3YWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANRZGMYTMOJWGY]. You are receiving this because you were mentioned. [Tracking image][https://github.com/notifications/beacon/BDMGWPB5IWGM64LCJR55P4DY6UBSPA5CNFSM6AAAAABGL6N3YWWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTT3K5CWM.gif]
URL
https://invidious.darkness.services
Mandatory checks
/api/v1/stats
) are enabledMaintainer chart
Host country
United States
Man in the Middle
CloudFlare
Source code URL
No response
Additional information
10 Gbit Connection