nielssp / uncomment

Self-hosted comment system for static sites.
Mozilla Public License 2.0

Seems to not be working? #1

Closed Jieiku closed 2 years ago

Jieiku commented 2 years ago

I have been developing a theme for Zola, which is pretty much feature complete; all that is left is to implement a comment system for the demo site: https://abridge.netlify.app/

I tried leaving a comment here: https://nielssp.dk/2022/03/uncomment/

nielssp commented 2 years ago

Thank you for reporting this, it should work now in version 0.1.1. The problem was a feature that validates newly created thread ids (i.e. pages that haven't previously received comments) by making an HTTP request to the page. Apparently the HTTP client I was using didn't support TLS by default, so I had to enable that.

Jieiku commented 2 years ago

I also noticed your site is accessible via HTTP (no HTTPS redirect). I do understand that maybe this was intentional, but I thought I should point it out (just in case).

http://nielssp.dk/2022/03/uncomment/

I recently found https://observatory.mozilla.org/ which has been very useful.

If you're curious you can see my CSP here: https://github.com/Jieiku/abridge/blob/master/netlify.toml

I love how lightweight Uncomment is. I will be implementing the PostgreSQL variant of Uncomment very soon! Thank you!

nielssp commented 2 years ago

It's intentional, although maybe a bit silly. It's so that I can still access my website from really old browsers that don't support modern TLS (e.g. for stuff like https://nielssp.dk/guis/kde-1.1.2/screenshots/). I'd hate to break backward compatibility and I wish there was a way to "be more secure" while also maintaining backward compatibility.

Jieiku commented 2 years ago

You can set the TLS level as well as the ciphers. How old of a system are you trying to preserve compatibility with?

I am unsure how much experience you have with TLS (You may very well have more than I do.)

When I need to support older stuff I usually just use the Mozilla SSL configurator: https://ssl-config.mozilla.org/ (it is able to generate a config for a wide variety of web servers and proxy servers).

You can check the OLD radio button if you need it, I use intermediate and it supports fairly old stuff!

WOW! From those screenshots you're talking about some pretty old stuff, hahahaha, I think I understand why you did it now!

(Man, those pictures take me back! Interesting to see those.)

I made some progress with getting Uncomment going, and may have some pull requests for you later if you're open to them.