it’s been a year (approximately) of patch notes! a weird milestone but a valid one. thanks for being here with us.
this is also the first week where we get to reap the benefits of our re-situated sprint cycle (they end on Wednesday now) and use our trello “done” column instead of going through git commits, making this waaaaaaay easier to write.
WANTED DEAD OR ALIVE: information on the Firefox “upload failed” CORS bug

Psst, hey you. I heard you might be in the business of taking care of…problems. Is that right? Well, I’ve got a job for you, if you can bring ‘em in alive, that is. A longstanding bug has been preventing many a Firefox user from uploading images to Cohost and we need some assistance tracking down the issue. Here’s the lowdown:
Every now and then, users will write in saying that their images get stuck in the “uploading” state, trapped in purgatory. The vast majority of these cases come from Firefox. Further inspection reveals that the majority of these cases are caused by a CORS request failure when attempting to upload to our image host.
That’s…all we got! We have yet to reproduce this issue (except for a single freak incident on jae’s computer) and can’t seem to nail down where it’s coming from. Our first guess was Firefox tracking prevention, but fiddling with that doesn’t seem to reliably fix the issue. My next best guess is a common plugin or extension.
The first person to figure out what’s going on and provide clear, reliable steps to reproduce the issue will be awarded 2 codes, each good for one year of Cohost Plus. Use them as you wish!
Email support@cohost.org with subject “CORS Hell” with your findings. Good luck and stay safe!
on to the patch notes!
- published an updated Markdown / HTML guide!
  - it’s linked here, but you can also access it via the little question mark icon in the post composer
- added a display setting to auto-expand all posts with content warnings
  - we heard from some users that they wanted the ability to see all content-warned posts without clicking through. this is an easy change for us, so we did it.
  - this is, obviously, off by default, but you can enable it in the settings page in the CW filtering section
- fixed performance issues with the bookmarked tag feed
  - users with lots of bookmarked tags would experience performance issues when going to later pages in their feed, occasionally resulting in timeouts
  - the fix for this required changing how we do pagination for the bookmarked tag feed.
  - depending on how this performance improvement works out, we may expand this to other parts of the site.
- we had some downtime the other night but we got better
  - this is on the patch notes because investigation + postmortem took a full day of jae’s week, so it counts
- temporarily disabled mobile quick share due to ongoing issues
- fixed a bug where posts with long tags would display the full tag list instead of collapsing their height
- fixed a bug where collapsed 18+ posts didn’t have their tags visible
- behind the scenes, colin spent most of his week working on wiring up our various billing software to an automated tax remittance system to save himself a few hours of paperwork every month (many more hours than that once we support subscriptions), and pondering in what ways garden chainsaws are different from other types of chainsaws
- changed how login sessions work under the hood
  - vital work for 2fa, passwordless login, API authentication, and much much more!
  - unfortunately this deploy didn’t quite go as planned and logged several users out. we were able to hotfix this issue shortly thereafter so this wasn’t a universal experience, thankfully.
- fixed a bug where changing your password would return an error, despite actually changing your password successfully.
here’s what’s coming up!
- jae: prep work for the public API
  - the public API will be based off our modern API framework, which means a lot of older endpoints have to be ported over to use the new system. we’re comfortable shipping without full support for everything, but Posting is the big use-case and that system is still on a legacy API.
- colin: finishing touches on 2fa
- aidan: ui improvements to the comment section, and continuing design support on 2fa, markdown reference, and other smallish improvements!
- kara: tracking down the CORS issue from central command. I believe in you, agent. Also working on the support backlog. We’re pretty close to the end here. Two more weeks or so assuming I don’t spontaneously combust?
thanks for using cohost!


(sorry about that!)