hey there! another week of mostly bug fixes and cleanup this week. here’s what’s changed:
- added confirmation dialogs for a few different operations on the site that we’ve received reports of people accidentally activating and regretting having done so: publishing a draft, and unfollowing, silencing, and blocking pages.
- we also fixed the bug where you would only get a confirmation dialog before discarding a post if you closed the post composer with the Escape key or clicking on the backdrop, rather than clicking on the X button.
- the confirmation dialogs we had before were all originally implemented with different code, so adding more was also a good opportunity to get them all on the same codebase and make them all look slightly more presentable.
- fixed the behavior of the “view temporarily” button on the profiles of pages which you have silenced or blocked.
- previously, clicking the button would just show you an empty page. this originally broke as a side effect of fixing some more serious bugs in how blocks and silences worked a while ago. the fix was surprisingly complex and not many people seemed to use the button, so it took a while to get around to it.
- external links no longer have
rel="noreferrer"applied.- when you click a link on the Web, the Web browser tells the page to which you’re going the URL that you came from, using the “Referer” header.
- we know it’s misspelled. that’s just how it is.
- by default, when you open a link offsite it opens in a new tab. more than 99% of cohost users use this default (but you can change it in the settings page if you want!). for users with the “open external links in a new tab” setting turned off, the Referer was already being passed along.
- for historical reasons, in web browsers older than about 2016 it’s insecure to open links in a new tab without setting
rel="noreferrer", so some of our “avoid making silly mistakes” tooling told us to set it and we listened. all of the browsers cohost supports are far newer and provide secure behavior with an alternate setting (rel="noopener") which doesn’t clear the Referer. - we’ve received feedback from some artists using analytics tools for their personal web sites, as well as the tools built into platforms like Itch, that they were incorrectly seeing a very small number of referrals from cohost. this change means that off-site analytics should correctly display traffic coming from cohost, giving an accurate sense of reach.
- if you don’t want this information to be passed along, plugins like Referer Control for Chrome or Referer Modifier for Firefox will let you turn it off.
- when you click a link on the Web, the Web browser tells the page to which you’re going the URL that you came from, using the “Referer” header.
- improved the performance of the bookmarked tags feed if you don’t have any tags bookmarked.
- we’re not sure why this was so slow either, but we kept stumbling into it by accident and it was an easy fix.
- some more small changes that aren’t particularly visible in day-to-day use:
- made all of the paginated views (the dashboard, tagged posts page, drafts page, etc.) more robust to timestamps and “skip posts” arguments that aren’t numbers.
- thanks to the anonymous netizen running a vulnerability scanner against us every morning. your SQL injection didn’t work the first 500 times you tried it, but maybe one of these days.
- got rid of some code that we hadn’t been using in months. the title of the merge request had four question marks in it.
- made all of the paginated views (the dashboard, tagged posts page, drafts page, etc.) more robust to timestamps and “skip posts” arguments that aren’t numbers.
we’re working on a new feature that we’re pretty excited about that needed many of these fixes (as well as the fixes from last week) to actually work correctly. now that they’re done, it’ll hopefully be smooth sailing from here.
thanks, as always, for using cohost! 

