(kemona_halftau)
nicolium (https://codeberg.org/nicolium/nicolium) is the best thing ive ever used so far
i’m going to selfhost and install it tonight
nicolium is pretty good i use it for my gts priv account
@kemona_halftau I think CSP is breaking it: Content-Security-Policy: The page’s settings blocked the loading of a resource (media-src) at data: because it violates the following directive: “media-src 'self' https:”. unfortunately that seems to be hardcoded in akkoma
@noisytoot @kemona_halftau i thought there shouldn't be any, did Akkoma make CSP stricter recently?
@mkljczk @kemona_halftau I’m not sure.
For the media-src error the relevant lines in lib/pleroma/web/plugs/http_security_plug.ex don’t seem to have changed since the fork from Pleroma (the specific line I changed, media_src = "media-src 'self'", was last modified in 29ff6d414ba096e74e04264af895abcabcf580b4, which is also present in Pleroma).
After I changed that line to media_src = "media-src 'self' data:", fixing that error, there were more errors like:
Content-Security-Policy: The page’s settings blocked an inline style (style-src-elem) from being applied because it violates the following directive: “style-src 'self' 'nonce-WlLRBgEccsn_Tmf'”. Consider using a hash ('sha256-Nqnn8clbgv+5l0PgxcTOldg8mkMKrFn4TvPL+rYUUGg=', requires 'unsafe-hashes' for style attributes) or a nonce.
which appear to be related to the CSP nonce plug (lib/pleroma/web/plugs/csp_nonce_plug.ex), which is new in Akkoma and was added in e2320f870e6ef4e8fc9f63282cbd459e819d740a in December 2022.
@mkljczk @kemona_halftau btw the download command in the documentation (curl -O https://web.nicolium.app/release.zip) doesn’t work because it’s a redirect, you need to add -L to make curl follow redirects
@noisytoot @kemona_halftau thanks, I just changed the URL recently without testing (and personally I use wget), will fix soon
@noisytoot @kemona_halftau it seems i somehow had curl configured to follow redirects by default