Recent searches

No recent searches

Search options

Only available when logged in.
101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl czyli najstarszy polski serwer Mastodon. Posiadamy wpisy do 2048 znaków.

Administered by:

Server stats:

479
active users

101010.pl: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.5.0-alpha.1

#cors

0 posts0 participants0 posts today
just small circles 🕊

TIL that #CORS also stands for "cat–owner relationship scale". Delightful.

journals.plos.org/plosone/arti

journals.plos.orgBehavioral responses of domestic cats to human odorPeople all around the world live with cats and cats engage in many social behaviors toward their owners. Olfaction is one of the most important sensory abilities in cats, yet its role in recognizing humans remains unclear. In this study, we assessed the role and characteristics of olfaction in the discrimination of known or unknown humans by cats using ethological methods. Whether cats exhibit a lateralization of nostril use in response to a variety of olfactory stimuli, exposure experience, inter alia, was investigated. Cats were simultaneously presented with three odor stimuli: that of a known person (owner), an unknown person, and a blank control. Responses to the cat 2 scale (Feline Five) and the cat–owner relationship scale (CORS) were collected from cat owners through questionnaires. It was observed that cats spent a substantially longer time sniffing the odor of an unknown person than that of a known person, indicating the use of their sense of smell to distinguish between heterospecific (human) individuals. While responding to odor stimuli from unknown humans, the cats displayed marked lateralization in the use of one nostril or another. An association was observed between the first odor the cat sniffed among known, unknown, and blanks and the personality score. A strong correlation was found between the number of repetitive sniffing odors and personality scores in male cats. No association was evident between the cat’s behavior and the cat–owner relationship score. Rubbing of their faces against an object immediately after sniffing it was observed and thus a possible relationship between the olfactory exploration and subsequent rubbing (odor-marking) behavior in cats is postulated. However, this relationship warrants further investigation along with the theory of whether cats are able to recognize a specific person from olfactory cues.
#cats#catsofmastodon
*
Lanie Molinar Carmelo

🚨 Help Needed: #CORS and #Cloudflare Access Issues with #Nextflux + #MiniFlux Setup 🚨

Hi everyone! I’m struggling with a #SelfHosted setup and could really use some advice from the self-hosting community. Lol I've been trying to figure this out for hours with no luck. Here’s my situation:

Setup

  • MiniFlux: Running in #Docker on a #RaspberryPi500 (#Stormux, based on #ArchLinuxARM).
  • Nextflux: Hosted on Cloudflare Pages.
  • Reverse Proxy: #Caddy (installed via AUR).
  • Cloudflare Access: Enabled for security and SSO.
  • Cloudflared: Also installed via AUR.
  • CORS Settings in Cloudflare Access: Configured to allow all origins, methods, and headers.

What’s Working

  • MiniFlux is accessible from my home network after removing restrictive CORS settings in both Caddy and MiniFlux.
  • Nextflux is properly deployed on Cloudflare Pages.

The Problem

Nextflux cannot connect to MiniFlux due to persistent CORS errors and authentication issues with Cloudflare Access. Here are the errors I’m seeing in the browser console:

  1. CORS Error:Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' from origin 'https://nextflux.laniecarmelo.tech' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

  2. Cloudflare Access Redirection:

    Request redirected to 'https://lifeofararebird.cloudflareaccess.com/cdn-cgi/access/login/rss.laniecarmelo.tech'.

  3. Failed to Fetch:

    Failed to fetch: TypeError: Failed to fetch.

What I’ve Tried

  1. Service Token Authentication:

    • Generated a service token in Cloudflare Access for Nextflux.
    • Added CF-Access-Client-Id and CF-Access-Client-Secret headers in Caddy for rss.laniecarmelo.tech.
    • Updated Cloudflare Access policies to include a bypass rule for this service token.

  2. CORS Configuration:

    • Tried permissive settings (Access-Control-Allow-Origin: *) in both Caddy and MiniFlux.
    • Configured Cloudflare Access CORS settings to allow all origins, methods, and headers.

  3. Policy Adjustments:

    • Created a bypass policy for my home IP range and public IP.
    • Added an "Allow" policy for authenticated users via email/login methods.

  4. Debugging Logs:

    • Checked Cloudflared logs, which show requests being blocked due to missing access tokens (AccessJWTValidator errors).

Current State

Despite these efforts:

  • Requests from Nextflux are still being blocked by Cloudflare Access or failing due to CORS issues.
  • The browser console consistently shows "No 'Access-Control-Allow-Origin' header" errors.

Goals

  1. Allow Nextflux (hosted on Cloudflare Pages) to connect seamlessly to MiniFlux (behind Cloudflare Access).
  2. Maintain secure access to MiniFlux for other devices (e.g., my home network or mobile devices).

My Environment

  • Raspberry Pi 500 running Arch Linux ARM.
  • Both Caddy and Cloudflared are installed via AUR packages.
  • MiniFlux is running in Docker with the following environment variables:CLOUDFLARE_SERVICE_AUTH_ENABLED=trueCLOUDFLARE_CLIENT_ID=<client-id>CLOUDFLARE_CLIENT_SECRET=<client-secret>

Relevant Logs

From cloudflared:

ERR error="request filtered by middleware handler (AccessJWTValidator) due to: no access token in request"

From the browser console:

Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' has been blocked by CORS policy.

Questions

  1. Is there a better way to configure CORS for this setup?
  2. Should I be handling authentication differently between Nextflux and MiniFlux?
  3. How can I ensure that requests from Nextflux include valid access tokens?

Any help or advice would be greatly appreciated! 🙏

#SelfHosting#CaddyServer#RSS
Continued thread
*
Felix Palmen :freebsd: :c64:

Ok I guess I'll have to give up again quite quickly 😦

#Microsoft #Teams is broken for me as soon as I disable #IPv4. From what I could understand in this horrible mess of a "web app", the reason is probably some #CORS error. I have no idea how that could ever be related to #IPv6 or #NAT or anything. Tried temporarily disabling #NAT64 (to force direct v6 connections), tried adding all of Microsofts v6 networks to the "exclude" option of bind9 to have everything pass #NAT64 *avoiding* native IPv6, tried several ways to disable CORS, nothing helped. 🤬

Anyone know about these issues with teams?

edit: to clarify, "everything" seems to work except for the main purpose: join an actual call ...

Roberto B.

🚨 CORS error blocking your Laravel API? 🚨

If your frontend and Laravel backend are on different domains, you’ve probably hit the dreaded CORS policy error.
Don’t let it break your app! Learn how to configure your Laravel application to allow cross-origin requests, and get your API running smoothly.

🔧 Fix it now: dev.to/robertobutti/resolve-bl

DEV CommunityResolve "Blocked by CORS Policy: No 'Access-Control-Allow-Origin'" in LaravelIf your frontend and Laravel backend are on different domains, you’ve probably hit the dreaded CORS...
#cors#php#laravel
jub0bs

😇 With jub0bs/cors v0.2.0, you can now reconfigure your CORS middleware on the fly, even as the middleware is processing requests.

jub0bs.com/posts/2024-05-14-re

jub0bs.com · Reconfigurable CORS middleware with jub0bs/cors :: jub0bs.comTL;DR ¶ In this short follow-up to my previous post, I describe why and how I’ve added support for dynamic reconfiguration of CORS middleware in jub0bs/cors. Rethinking configuration immutability ¶ Up until now, I’ve been arguing that CORS middleware should not be reconfigurable on the fly and that any change to their configuration should require a server restart: Insofar as CORS relaxes some of the restrictions enforced by the SOP, it is a security-critical mechanism.
#golang#cors
jub0bs

Hi Gophers! If you're tired of being frustrated by CORS, I've got just the remedy. 💊

jub0bs.com/posts/2024-04-27-ju

jub0bs.com · jub0bs/cors: a better CORS middleware library for Go :: jub0bs.comTL;DR ¶ I’ve just released jub0bs/cors, a new CORS middleware library for Go, perhaps the best one yet. It has some advantages over the more popular rs/cors library, including a simpler API, better documentation, extensive configuration validation, a useful debug mode, stronger performance guarantees. Here is a representative example of client code: package main import ( "io" "log" "net/http" "github.com/jub0bs/cors" ) func main() { mux := http.NewServeMux() mux.HandleFunc("GET /hello", handleHello) // no CORS on this corsMw, err := cors.
#cors#golang
@reiver ⊼ (Charles) :batman:

Some of the #Fediverse software is not setting #CORS headers for their #Atom & #RSS #WebFeed

They should. But they aren't.

...

Adding #CORS headers makes it so Atom & RSS WebFeeds can be pulled at the client end (and doesn't have to run through a server).

If you care about #privacy , you should care about this. As not having it have to run through a server protects privacy more.

...

For example, the Atom & RSS WebFeeds should have this CORS header:

Access-Control-Allow-Origin: *

Tad Lispy

Does anyone know of a free (as in beer 🍻 ) text snippet hosting service that sets the CORS headers to allow GET requests from any origin?

The reason to ask is that I'm working on a web game where levels can be created by other people as text and loaded from 3rd party websites. Now I want to write simple instructions for not very technical people to be able to extend the game. They will need a way to host their levels somewhere.

#HTTP#CORS#AccessControl
TrendingLive feeds
About