Open concur1 opened 1 year ago
concur1
commented
1 year ago I realize that this might actually be quite a few different issues. I am happy to write them up as separate issues. Please let me know which ones (if any) you would like to be added as separate issues.
sheodox
commented
1 year ago Thanks for all the ideas! You're not the only one who's really excited about more features for the columns, the current implementation is pretty limiting though so none of this would be easy to do quite yet, but when I get there I'll refer back to this. I'd say for now it's good to keep it all as one issue, easier to digest once I start working on an overhaul of the column stuff someday.
sheodox
commented
1 year ago Quick note though:
Have an option to view external content from the post link inside a column alongside the Lemmy post content. I don't know how technically viable this is but it would be cool to be able to view external content without leaving alexandrite.app.
I don't think I'd really be able to do this. I'd have to embed the linked page in an <iframe>, but many websites use a header to forbid that as it could leave them vulnerable to clickjacking attacks. So if it'd only work some of the time I'd rather avoid it.
concur1
commented
1 year ago Quick note though:
Have an option to view external content from the post link inside a column alongside the Lemmy post content. I don't know how technically viable this is but it would be cool to be able to view external content without leaving alexandrite.app.
I don't think I'd really be able to do this. I'd have to embed the linked page in an
<iframe>, but many websites use a header to forbid that as it could leave them vulnerable to clickjacking attacks. So if it'd only work some of the time I'd rather avoid it.
How about fetching the content of the linked websites using the js fetch api?
sheodox
commented
1 year ago That'd be even less doable actually for a few reasons.
Browsers don't let you make requests (like fetch) between servers hosted on different domain names unless the server you're fetching from is configured to explicitly allow it.
For security reasons, browsers restrict cross-origin HTTP requests initiated from scripts. For example, XMLHttpRequest and the Fetch API follow the same-origin policy. This means that a web application using those APIs can only request resources from the same origin the application was loaded from unless the response from other origins includes the right CORS headers.
If browsers didn't have this restriction in place, there would be nothing to stop any random site from trying to use fetch to request the webpages for various popular email services and steal a bunch of sensitive information from you without you knowing.
So out of the gate that means you couldn't use fetch to request websites from the browser (like how everything in Alexandrite works right now). So the only way we could feasibly load random websites would be if Alexandrite proxied every request through the server, but I'm not interested in doing that because that'd increase the server costs exponentially, and I wouldn't be surprised if that'd open me up to legal issues (I'm not a lawyer, but it just sounds like a can of worms).
If, for the sake of argument, using fetch didn't have those security restrictions, all it would do is give you is the HTML of the page, which for many modern websites would probably be close to unreadable (and depending on the site, it might not even have the actual content you wanted to see in it as a lot of websites, including Alexandrite, load some or all of the content through Javascript after the page loads) unless I also loaded all the styles/javascript included in the page's HTML. If I then further tried loading all the random styles/javascript in the linked website all hell would break loose, as any time you clicked a link Alexandrite's styles would be merged with that site's styles and you'd end up with a cursed amalgamation of the two. On top of that it'd be a huge security vulnerability and it'd open any users of Alexandrite up to the same sort of attack lemmy.world had recently.
concur1
commented
1 year ago Ok, that all makes sense, thanks for the response! I will update the original comment to note that this is not viable.
wi-ry
commented
1 year ago I'd love for you to add the ability to automatically expand all posts. For now I'll look at implementing it in Greasemonkey
CrashTD
commented
1 year ago Remove the thumbnail for posts where the Lemmy post content is a picture. It is redundant/waste of space to have the thumbnail showing in addition to the picture in the Lemmy post content.
I want to expand on this. Remove the whole post block from the content page. What i mean is e.g. this:
You have the post block in the list on the left and then when you click it you have it again as exact copy in the content window on the right. double display is unnecessary and a waste of space. shown on the right only the actual content.
like this i mean:
And then you could maybe even put the Close Post, To Comments and Hide Content buttons on the same line right of the the sub indicator. like:
Firstly, thank you for the work! Alexandrite is very cool and I think it is progressing well =). You might have thought about some of this a bit more than me but hopefully there is something useful in the following feedback/observations:
So I guess there are 8 elements relating to a post that I would like to be able to view/optionally view:
Currently I see 1 column of content and 1 column containing the community description/about details.
Here are some proposals on how this post view might be improved:
Have an option to view external content from the post link inside a column alongside the Lemmy post content. I don't know how technically viable this is but it would be cool to be able to view external content without leaving alexandrite.app.This is not viable (read discussion bellow).If you think that any of these might actually help then please let me know and I might try and put something together for a PR (although I don't have much experience with svelte).