Hey, you, who's reading this in the future: you can find out who I am today at https://rarf.zone/about/. 💙


E-mail me at:
info@rarf.zone
Mastodon/Fediverse
yiff.life/@katja

staff
@staff

it’s been a year (approximately) of patch notes! a weird milestone but a valid one. thanks for being here with us.

this is also the first week where we get to reap the benefits of our re-situated sprint cycle (they end on Wednesday now) and use our trello “done” column instead of going through git commits, making this waaaaaaay easier to write.

WANTED DEAD OR ALIVE: information on the Firefox “upload failed” CORS bug

a mysterious figure in an ill-fitting trenchcoat and fedora. he has a stylish mustache and the build of three eggbugs standing on top of each other.

Psst, hey you. I heard you might be in the business of taking care of…problems. Is that right? Well, I’ve got a job for you, if you can bring ‘em in alive, that is. A longstanding bug has been preventing many a Firefox user from uploading images to Cohost and we need some assistance tracking down the issue. Here’s the lowdown:

Every now and then, users will write in saying that their images get stuck in the “uploading” state, trapped in purgatory. The vast majority of these cases come from Firefox. Further inspection reveals that the majority of these cases are caused by a CORS request failure when attempting to upload to our image host.

That’s…all we got! We have yet to reproduce this issue (except for a single freak incident on jae’s computer) and can’t seem to nail down where it’s coming from. Our first guess was Firefox tracking prevention, but fiddling with that doesn’t seem to reliably fix the issue. My next best guess is a common plugin or extension.

The first person to figure out what’s going on and provide clear, reliable steps to reproduce the issue will be awarded with 2 codes each good for one year of Cohost Plus. Use them as you wish!

Email support@cohost.org with subject “CORS Hell” with your findings. Good luck and stay safe!


on to the patch notes!

  • published an updated Markdown / HTML guide!
    • it’s linked here, but you can also access is via the little question mark icon in the post composer
  • added a display setting to auto-expand all posts with content warnings
    • we heard from some users that they wanted the ability to see all content-warned posts without clicking through. this is an easy change for us, so we did it.
    • this is, obviously, off by default, but you can enable it in the settings page in the CW filtering section
  • fixed performance issues with the bookmarked tag feed
    • users with lots of bookmarked tags would experience performance issues when going to later pages in their feed, occasionally resulting in timeouts
    • the fix for this required changing how we do pagination for the bookmarked tag feed.
    • depending on how this performance improvement works out, we may expand this to other parts of the site.
  • we had some downtime the other night but we got better
    • this is on the patch notes because investigation + postmortem took a full day of jae’s week, so it counts
  • temporarily disabled mobile quick share due to ongoing issues
  • fixed a bug where posts with long tags would display the full tag list instead of collapsing their height
  • fixed a bug where collapsed 18+ posts didn’t have their tags visible
  • behind the scenes, colin spent most of his week working on wiring up our various billing software to an automated tax remittance system to save himself a few hours of paperwork every month (many more hours than that once we support subscriptions), and pondering in what ways garden chainsaws are different from other types of chainsaws
  • changed how login sessions work under the hood
    • vital work for 2fa, passwordless login, API authentication, and much much more!
    • unfortunately this deploy didn’t quite go as planned and logged several users out. we were able to hotfix this issue shortly thereafter so this wasn’t a universal experience, thankfully.
  • fixed a bug where changing your password would return an error, despite actually changing your password successfully.

here’s what’s coming up!

  • jae: prep work for the public API
    • the public API will be based off our modern API framework, which means a lot of older endpoints have to be ported over to use the new system. we’re comfortable shipping without full support for everything, but Posting is the big use-case and that system is still on a legacy API.
  • colin: finishing touches on 2fa
  • aidan: ui improvements to the comment section, and continuing design support on 2fa, markdown reference, and other smallish improvements!
  • kara: tracking down the CORS issue from central command. I believe in you, agent. Also working on the support backlog. We’re pretty close to the end here. Two more weeks or so assuming I don’t spontaneously combust?

thanks for using cohost!


You must log in to comment.

in reply to @staff's post:

Kind of shocked I haven't encountered that CORS bug because I do use Firefox and I generally have a "talent" for unintentionally finding odd bugs in software. Godspeed to the bug hunters and thanks for the patch notes!

ooooh good luck to whoever pursues that bug bounty, and thanks for 1 year(ish) of updates! i have a question: in cohost patch notes vol. 50, you mentioned that you were still working on the january financial report. unless you published it and i missed it, i assume you're still working on it? it seems like you've been pretty busy the past few weeks so i can understand if you've needed to push it back

  • fixed a bug where posts with long tags would display the full tag list instead of collapsing their height

was this a result of the post about the bee movie script tag? if so, oops i think

I didn't even see that one, it's funny to me that we had two Extremely Long Tag Incidents in a week that had no apparent overlap on my end.

I should've submitted that feedback request to adjust the word wrap on extremely long tags in the post editor so they conform to the capsule shape, but i forgot lol.

the HTML reference states "an HTML element for an image, which does not need a closing tag and cannot end, but should end in />" (and also recommends <br />), but isn't that deprecated as of HTML 5? as far as I understand the / carries no semantic meaning and is only allowed there for backwards compatibility with XHTML

looks like HTML 4 was designed to be SGML-conformant, which means it ough to have been a parse error (though I don't think there ever existed a single strictly conforming HTML 4 parser). apparently SGML also has a short way to write <tag></tag> but that's <tag// which is just horrible

we don't have anywhere near enough information to file a useful bug report yet, hence the bounty we put out! once we know what's happening, including confirming it's not Our Fault (haven't ruled that out yet) we absolutely will

fixed a bug where posts with long tags would display the full tag list instead of collapsing their height

As a serial tag essayist, thank you so much for fixing this! I kept forgetting to report it despite noticing it basically every time I made a substantial post, probably because I'd just spent all my writing energy on talking about fictional robots, haha :host-nervous: (sorry about that!)


As an aside, it might be worth adding horizontal rules to the Markdown cheatsheet, since Cohost does support them and, while not always super relevant to the average user, they're pretty basic Markdown formatting and the cheatsheet also lists other relatively niche things like footnotes.

I... I could have been using a href= etc for links this whole time??? I've been struggling to remember what order Markdown needs for links and I could have just been typing them out like I have been for decades???? This is the best patch notes for linking to the new guide that let me realize that!!!

Oh, and the three eggbugs in a trench coat illustration doesn't hurt either. Great notes and good job everyone.

Hmm the upload bug you mention sounds suspiciously similar to a long old bug that you can find in Dropbox from time to time. Uploads never seem to finish at the last minute, and it's always a Firefox problem. It tends to happen with relatively big files like above 50-100mb though. You might want to check out if you can get a similar behaviour with Firefox and files of a certain big size i.e above what 25-50mb maybe?

Re: the CORS bug, I have encountered it on Vivaldi (Desktop and Android) as well as Ecosia (iOS). Firefox was working fine for me, and I understand Vivaldi is Chromium based and Ecosia on iOS is Safari based… dunno if that helps but I miss being able to upload images :(

UPDATE: Also having issues on Firefox now...

hmm the only time i've gotten CORS specifically was from having cohost.org whitelisted in umatrix, but not sfo3.digitaloceanspaces.com

i've had the same symptom from attaching an image which no longer exists in the filesystem when i try to post (easily caused by trying to attach multiple screenshots from the same screenshot tool) but i don't know if that was CORS or not

already emailed these both to support@ though

ALSO THANKS wow i should finish part 3

i was actually surprised it was a problem with cohost because i did not even realize you could take the File from a dnd and attach it to a form; i've always just read the Blob out of it immediately and thought that was the only thing you could do. fwiw this has always worked with discord, twitter, tumblr, etc. as far as i know