Evan Prodromou
For example, you point your browser at a.example, and it shows you a list of a local user's followers at a.example/user1/followers . If you click on a profile in that list, it loads a.example/remote/user2@b.example .
If this is not an interesting question to you, feel free to skip it!
Evan Prodromou
@virtuous_sloth the browser is loading a page on a.example that calls the API at b.example (either server-side or client-side, but much easier server-side) and formats the JSON response as HTML.
Bruce Elrick
@evan To be clear, is 'it' in the above always the local browser as opposed to the server a.example (proxy-requesting on the unauthenticated user's behalf).
Bruce Elrick
@evan That is not as clear as you seem to think.
When you say "the browser is loading a page on a.example" I think you really mean "the browser is loading a page *from* a.example". When you say "that calls the API at b.example" what I think you really mean is "the browser that has loaded the page from a.example which includes javascript code then runs that code which, in the browser, makes an HTTP connection to the b.example website, using the web API there to get some data. That data is ...
Evan Prodromou
@virtuous_sloth It's usually correct. A lot of Fediverse servers use CORS or authenticated fetch to prevent loading the data directly into the browser. I feel like you're getting very particular about how it's implemented, which is fine. If that's important to you, express why and how it affects your answer in a reply.
Bruce Elrick
@evan To be more explicit, I think I understood your explanatory reply to your original survey but wanted clarification that the repeated word "it" was referring to the user's browser, or perhaps "the user's browser running javascript loaded in the page fromm a.example".
Your first sentence response to my question seemed to confirm this. But then your followup about server-side or client-side made me wonder if my contra-example of a.example proxying interaction with b.example was correct.
Bruce Elrick
@evan And yes, I know that any communication would be tortuous if you had to assume nothing of your reader.
I suppose that is why I do appreciate it when you qualify your surveys with, for example, "Full-stack developers only".
Bruce Elrick
@evan clear when they are really relying on the reader to have developer-level understanding of all the moving parts that are hinted at by plain English words that do not mean the loaded information without explicit knowledge by the reader.
I'm not a developer, have a very good understanding of where code can run in what contexts on multiple servers with data flowing between them, which is how I guess at the above, but do not know enough details to be sure.
Bruce Elrick
@evan either HTML representation of the information requested (in the case of server-side, which means server-side production of HTML which is then rendered in the browser, possibly as a subsection of the loaded page from a.example) or is simply data which is then received by the javascript in the browser that is then rendered into HTML by the javascript (in the case of client side), perhaps directly modifying the DOM of the page in the browser.
Maybe. I think developers think they are being...
Bruce Elrick
@evan Very well.
I'm trying to understand even the point of the question. In my mind, a web app running in a user's browser is under the user's control, for the most part, so even if the author of the web app thinks the answer is 'no' they have little recourse for users who modify the web app to show remote content when unauthenticated.
Should an unauthenticated user have access to data on b.example is a decision for b.example. But is b.example trusts a.example and a.example proxies...
Evan Prodromou
Thanks to everyone who replied! I am a "yes, but...".
Yes, but you should clearly identify it as remote content or a remote profile.
People on here freak out sometimes when they see remote profiles or remote content on a Fediverse-enabled server. They say it has "shadow profiles" or "scraped content."
Clearly identifying that it comes from the Fediverse can help with this a lot.
Evan Prodromou
@cheeaun It's a good idea!
Chee Aun 🤔
@evan just thinking, if user click on a remote profile, it could technically just go straight to remote server’s profile page? 🤔
Probably confusing for some users, but could potentially “educate” them that the fediverse actually consists of multiple servers linking/talking to one another.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.